Archive for 'February, 2012'


Screencast: How to Reset a Windows Password Through a Backdoor

Posted in: Screencast, SysAdmin
  |  by: Wesley David
Tags: security, Windows

A while back I wrote an article for Simple Talk concerning one way to reset a Windows password on a machine that you have physical access to. I decided to make an accompanying screencast to show it in action. Below are two identical videos. One on YouTube, the other on Vimeo. Choose the video site that you prefer the best.

Note that the YouTube video is rendered in 720p so crank up the quality and watch in full screen. For some reason the Vimeo video isn’t in HD even though I have one HD upload per month.

Vimeo: (embedded video)

YouTube: (embedded video)


Etc. Notes

Let me know if you spot any glaring inconsistencies. The presentation portion of the screencast was made with Prezi. I used the Windows version of Camtasia Studio 7 to make the screencast.

Do you have any topics that you’d like to see explained in a screencast? Let me know in the comments below.

(P.S. Yes, I realize now that I start sentences with the words “so” and “now” far too much. I’ll work on fixing that in the next screencast I do.)



27 Feb 2012

How to View All .bash_history Files on Your Server

Posted in: SysAdmin, Uncategorized
  |  by: Wesley David
Tags: Linux

I recently had a moment involving a CentOS server that caused me to circle the wagons and ask “Who just did what in their shell?!”

After quickly checking to see who was currently logged in (as well as those that had just recently been logged in), I wanted to see the command history for each user on the server.

Before I go any further, let me say a few important things:

There are more shells than bash

Each shell has its own history options and files. Don’t assume that because you found all the .bash_history files on a machine that you have all shell histories.

And all the zsh proselytes said “Amen.”

.bash_history is a suggestion not a rule

Bash’s history file (that’s the $HISTFILE variable) can be changed. Just because you found all the .bash_history files on a machine doesn’t mean you have all of bash’s history.

Bash history is a convenience not a reporting tool

Bash history can easily be altered for both good and bad purposes. It is not to be relied on as a way of seriously auditing what has been done on a server. For that kind of thing, look at auditd.

Scan all .bash_history files

The above notwithstanding, if you want to quickly scan your machine’s .bash_history files consider the following options.

The first is dead simple, and I thank @etrever, @evilchili and Gilles over at unix.StackExchange.com for this method (I’m still getting my *nix chops).

grep -e "stuff goes here" /home/*/.bash_history

Yep, simple as that. This is of course assuming that 1) All user folders are standardized, and 2) your history files all share a common name. If the previous two things are true, this is a great, quick way to see things like… oh… say… “Who just went all chmod -R 777 on the httpdocs folder?!“

However, if you want a slightly more robust way of searching through all bash history on a machine that takes the home folder ambiguity out of the equation, Gilles from the Unix & Linux Stack Exchange had an awesome solution.

getent passwd |
cut -d : -f 6 |
sed 's:$:/.bash_history:' |
xargs -d '\n' grep -H -e "$pattern"

I had never seen the getent tool before. It gets entries from the following administrative databases: ahosts, ahostsv4, ahostsv6, aliases, ethers, group, gshadow, hosts, netgroup, networks, passwd, protocols, rpc, services, and shadow. cut splits each line on the colon and selects the sixth field, which is each user’s home directory. sed appends the probable location of the .bash_history file to each path. Finally, grep is fed each path and searches for our pattern.

Certainly, if there is a question about the existence of other shells or if you want to be certain that your history file really is called .bash_history, you’ll need to add some extra logic in. However, for my scenario, this was enough to get me going.
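The “extra logic” just mentioned, as an added example that is not part of the original post or of Gilles’ answer: the same walk over passwd entries, but checking several candidate history file names per home (the list is an assumption) and tagging each hit with the owning user. The `history_files`, `scan_histories` and `make_fixture` names and the fixture accounts are this example’s own.

```shell
#!/usr/bin/env bash
# Added example (not the post's or Gilles' code): walk passwd entries read on stdin,
# look for several history file names per home (".bash_history" is only a
# convention once $HISTFILE or another shell is involved), and tag hits with the
# owning user. The candidate names and the fixture below are assumptions.
set -u
HISTORY_NAMES=".bash_history .zsh_history .sh_history .history"
# stdin: passwd lines (name:pw:uid:gid:gecos:home:shell)
# stdout: "user<TAB>path" for each candidate history file that exists
history_files() {
    local name pw uid gid gecos home shell n
    while IFS=: read -r name pw uid gid gecos home shell; do
        for n in $HISTORY_NAMES; do
            if [ -f "$home/$n" ]; then
                printf '%s\t%s\n' "$name" "$home/$n"
            fi
        done
    done
}

# $1: literal search string; stdin: passwd lines
# stdout: "user<TAB>path:line" for every history line containing the string
scan_histories() {
    local pattern=$1 user path line tab
    tab=$(printf '\t')
    history_files | while IFS="$tab" read -r user path; do
        # -H prefixes the file name, -F takes the pattern literally
        grep -H -F -e "$pattern" -- "$path" | while IFS= read -r line; do
            printf '%s\t%s\n' "$user" "$line"
        done
    done
}

# Constructed fixture: two fake homes with different history files plus a service
# account with no home, so the missing-file case is exercised. Prints its path.
make_fixture() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob"
    printf 'ls -la\nchmod -R 777 /var/www/httpdocs\n' > "$d/home/alice/.bash_history"
    printf 'cd /var/www\nsudo chmod -R 777 httpdocs\n' > "$d/home/bob/.zsh_history"
    {
        printf 'alice:x:1000:1000::%s/home/alice:/bin/bash\n' "$d"
        printf 'bob:x:1001:1001::%s/home/bob:/bin/zsh\n' "$d"
        printf 'svc:x:999:999::%s/home/svc:/sbin/nologin\n' "$d"
    } > "$d/passwd"
    printf '%s\n' "$d"
}

# Stand-alone run against the fixture; on a real host: getent passwd | scan_histories PATTERN
demo() {
    local d
    d=$(make_fixture)
    scan_histories 'chmod -R 777' < "$d/passwd"
    rm -rf "$d"
}
```

On a real server the entry point is `getent passwd | scan_histories 'chmod -R 777'`, and the result is still only as trustworthy as the history files themselves.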

Unfortunately, I was made painfully aware of how bash history is a mere user-level convenience and not an auditing tool. Nothing malicious was done to the server and nothing terribly bad happened; however, as I looked deeper into what could have happened, I realized that a much more thorough audit trail might be needed in the future.

How do you handle shell history? Do you implement any special tricks to make it more reliable or do you use an entirely different system to keep track of commands that have been run?



23 Feb 2012

Solving the WordPress Error: Sorry, there has been an error. This does not appear to be a WXR file, missing/invalid WXR version number

Posted in: SysAdmin
  |  by: Wesley David
Tags: wordpress

My Problem

While performing the migration of my WordPress 3.3.1 blog, I used the “export” and “import” features to move my content. Upon trying to import the .xml file into my new WordPress installation that the export feature on the old installation had created, I hit upon this error:

Sorry, there has been an error. This does not appear to be a WXR file, missing/invalid WXR version number

My Solution

Downgrade to WordPress 3.2.x, perform the importation and then upgrade to the latest version.

Downgrading can take two forms: simply reinstalling WordPress from the ground up using an older version or taking the files of an older version and overwriting all existing 3.3.1 files with the exception of the wp-config.php file. Do not overwrite the wp-config file of the WordPress installation that you are trying to import into.

To find old versions of WordPress, visit the WordPress Release Archive. Make sure not to download one of the beta or release candidate files. Also, be aware of whether your site uses the MU version of WordPress. The files for MU installations are separate from the non-MU files.

Other Solutions

There are other possibilities as to why you cannot import your XML file.

The first is to look in the XML file and, near the top, add the line “<wp:wxr_version>1.1</wp:wxr_version>” (without quotes) just after the language definition declaration. For more information, see this WordPress Support thread.

Another possibility is that PHP safe_mode might be turned on and causing problems. safe_mode being on does not in itself guarantee that it is the cause of this problem, but it could be. You will need to contact your web host and ask if safe_mode is turned on. It is common for shared web hosts to enable it.



20 Feb 2012

How to List Linux File Permissions in Octal Notation

Posted in: SysAdmin
  |  by: Wesley David
Tags: Linux

When looking at a list of filesystem objects, I have trouble visually parsing rwxr-xr-x or similar permissions. It’s probably something with my eyes, but I’d much prefer to see 755. More than just a visual preference, somehow I just “get” it faster than seeing letters and dashes. Surely there must be some simple switch in ls that will do this, right?

Wrong.

However, a quick-n-dirty way of doing this is with the “stat” command using the -c switch. Stat itself will show you file or filesystem status information. The -c switch allows you to customise the output. To see file permissions in octal use the “%a” format sequence. I toss in a few other format sequences for my tastes:

stat -c "%n %a %G %g" IMG_0346.MOV
IMG_0346.MOV 664 wesley 500

The file’s name is shown as a result of %n, %a shows octal permissions, %G shows the owner’s group name and %g shows the owner’s group ID.

To see the octal permissions of the contents of an entire directory (in this case my Downloads directory) simply use a star thusly:

stat -c "%a %n" Downloads/*
664 Downloads/localhost.sql
664 Downloads/premium-pixels-fancy-pants-blog-magazine-theme.zip
755 Downloads/premium-pixels-package
644 Downloads/readme.html
664 Downloads/RobDuck1.JPG
664 Downloads/RobDuck2.JPG
664 Downloads/socialite-modern-wordpress-theme.zip

This isn’t my ideal, however. I’d really like ls to have the option. Perhaps there’s some bastardized and recompiled ls out there. Have you ever wanted to see octal permissions on your filesystem lists? How did you go about achieving that goal?
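An approximation of the ls option wished for above, as an added example that is not from the original post: a shell function that turns the symbolic mode `ls -l` prints into octal, including the setuid/setgid/sticky bits that a quick visual parse tends to miss, plus a wrapper that rewrites `ls -l` output. The `mode_to_octal` and `ls_octal` names are this example’s own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: convert the symbolic mode string that
# `ls -l` prints into the octal form the post prefers, folding in setuid/setgid/
# sticky (s/S/t/T in the execute columns), the bits a quick read of "rwsr-xr-x"
# tends to miss. The ls_octal wrapper is this example's own idea, not an ls option.

# $1: nine-character permission string, e.g. rwxr-xr-x, rwsr-xr-x, rwxrwxrwt
# Prints the octal mode (755, 4755, 1777, ...); returns 1 on malformed input.
mode_to_octal() {
    local m=$1 special=0 digits="" i v x
    [ "${#m}" -eq 9 ] || return 1
    for i in 0 3 6; do
        v=0
        case "${m:$i:1}" in r) v=$((v + 4)) ;; -) ;; *) return 1 ;; esac
        case "${m:$((i + 1)):1}" in w) v=$((v + 2)) ;; -) ;; *) return 1 ;; esac
        x=${m:$((i + 2)):1}
        case "$x" in
            x|s|t) v=$((v + 1)) ;;   # execute bit set
            -|S|T) ;;                # execute bit clear
            *) return 1 ;;
        esac
        # s/S in the user triad is setuid (4), in the group triad setgid (2);
        # t/T is only valid in the "other" triad and means sticky (1).
        case "$i$x" in
            0s|0S) special=$((special + 4)) ;;
            3s|3S) special=$((special + 2)) ;;
            6t|6T) special=$((special + 1)) ;;
            0t|0T|3t|3T|6s|6S) return 1 ;;
        esac
        digits="$digits$v"
    done
    [ "$special" -ne 0 ] && printf '%s' "$special"
    printf '%s\n' "$digits"
}

# Rewrite `ls -l` lines on stdin so the mode column is octal. Lines whose first
# field is not a mode (the "total N" line) pass through unchanged; the file-type
# character and any trailing ACL/SELinux marker (+ or .) are ignored.
ls_octal() {
    local line mode rest octal
    while IFS= read -r line; do
        mode=${line%% *}; rest=${line#* }
        if octal=$(mode_to_octal "${mode:1:9}"); then
            printf '%s %s\n' "$octal" "$rest"
        else
            printf '%s\n' "$line"
        fi
    done
}
```

Use it as `ls -l | ls_octal`; the file-type character (d, l, -) is dropped, so pair it with `ls -lF` if you still want directories marked.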



16 Feb 2012

Fixing Exceptionally Slow Remote Desktop Performance to Windows Server 2008

Posted in: SysAdmin
  |  by: Wesley David

My Problem

Remote desktop connections to a Windows Server 2008 R2 Enterprise server were absurdly slow. Refresh times were as high as ten seconds. No amount of lowering the connection settings on the remote desktop connection would increase the speed. This problem occurred from Windows Vista and 7 clients connecting to the Windows Server 2008 machine. It did not happen when connecting via RDP from Linux machines.

My Solution

On the Windows Server 2008 machine, navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Add a new DWORD and give it the name DisableTaskOffload. Set the value on the new DWORD to 1.

More Information

Many articles on the web about slow RDP speeds will focus on Receive Side Scaling (RSS) and Autotuning. I tried turning both of those off using the following commands from an elevated command prompt:

netsh interface tcp set global autotuninglevel=disabled
netsh interface tcp set global rss=disabled

That did not help matters any. For more information on Windows network offloading, see this old article from 2001. Here are some other references to disabling task offloading that might be of interest:

  • Slow performance when you try to access resources on your Virtual Server 2005 host computer from a guest virtual machine
  • Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008
  • You experience intermittent communication failure between computers that are running Windows XP or Windows Server 2003



14 Feb 2012

“It’s just not goin’ through!” – A Tale from Userland

Posted in: Humor, SysAdmin
  |  by: Wesley David

“It’s just not goin’ through!” said the Southern gentleman in a perplexed but gentle tone.

I was doing simple desktop support style work for a small organization that I’ve been acquainted with for several years. They’re a satellite of a larger, multi-million dollar organization, but are largely self-contained. That includes finding their own IT support which, prior to me becoming acquainted with the leaders, consisted of nagging anyone’s sons or daughters who could glance at a computer and not immediately explode from hypertension.

“I dunno why your laptop is the only one that does this,” I said into my headset as I rubbed my forehead hard. This was a remote case. My home office is in Phoenix, Arizona and this organization was in another state, two time zones and 2,000 miles away. I had given up hopes that the day wouldn’t be totally consumed by this call. It was a simple matter of installing an online backup client and trying to track down some strange problems with Microsoft Office – but things kept going oddly awry.

I use CrossLoop at the moment as my go-to remote support tool. It’s a bit bare-bones and I’m not entirely happy with it, but it’s the best free tool I have at the moment before I commit my money to a fuller product. I’ve been deeply involved with comparing other remote support tools and am nearing a final decision (oh if only I could afford a Bomgar appliance). Until then, I deal with CrossLoop.

“There it is! Took ten tries that time!” the elder gentleman drawled in victory. He was well past retirement age, but was far from retiring. He was no fool – having done many successful things for many people over many years. He was currently in an unusual two-week period of rest in-between world travels. He had just come back from gallivanting around the US at sundry speaking engagements and was planning a trip to Africa to lead a small group. That would likely not be his only trip out of the USA for 2012.

I connected to his laptop and began my tasks. In the course of my support work for him I had to reboot the machine a few times. That required the user to launch the CrossLoop executable file after logging in and once again starting the mysteriously recalcitrant process of getting connected to me.

If anyone reading this is familiar with remote support tools, CrossLoop works no differently than most do. The person who needs support launches the program and reads an access code to someone else. That other person then enters the user’s access code into their own instance of CrossLoop. The one requesting support must click a “Connect” button, which then contacts CrossLoop’s mediation service. The one who will be connecting also clicks their “Connect” button and the connection is brokered by the mediation service. After clicking the connect button, the button immediately turns into a “Disconnect” button so that either party can instantly end the session.

All in all it works out pretty good. Except for this one laptop.

“Great! Only took four tries this time!” the man chuckled. As I worked on the issues that I was contacted to help with, I was also trying to decide how to tackle this mysterious CrossLoop problem. It seemed unlikely that it was a network issue. I never had problems with his internet connection while I was connected. No complaints about dropped downloads, or wireless signal or anything else had been lodged. It happened regardless of where the user was located, so it seemed like it wasn’t an ISP problem.

Some very strange issues with the laptop’s applications made me wonder if there was deeply hidden trouble with the OS itself. Perhaps some fundamental driver or DLL file was corrupted in such a way that caused lossy communication under certain circumstances? I just couldn’t figure it out.

“Okay, to finish this up, I’ll need to log you off of this current user and log back in as a different user.” Unfortunately, CrossLoop requires a user to be logged in before it can be launched and receive / sustain connections. Every logout / logon event caused the user to have to re-connect with me. Of course, as it had to happen, that day’s problem narrowed down to a corrupt Windows user profile. I had to log off and log on multiple times in the course of troubleshooting and ultimately migrating files.

“Here’s your new code.” The man recited a series of numbers to me. I entered them and clicked my connect button while waiting for his side to finally “go through.”

I stared at the connection screen. I like the “Disconnect” button that shows up immediately after you click “Connect.” Just look at it! Big, chunky and orange with a nice call to action printed on it. I’ve been a student of conversion rate optimization for a little while now and am getting more into doing eCommerce sites for clients. “That’s a nice orange button. It should be used as a checkout button…”

“Whew! Eleven times that time!” This was absurd. I had to figure out why this was happening.

After some more work, I had to reboot the laptop once again. Of course, the user had to once again open CrossLoop and initiate the connection to me.

“Oh! Hey, you know what? I think the times that I’ve connected right up to ya’ll has been when I only clicked the connect button once instead of double clicking.”

I inhaled sharply.

“Ayup! I click the “Connect” button just once and it hooks right up to you!”



10 Feb 2012

The 2011 ServerFault Challenge Duck Award Ceremony

Posted in: Uncategorized
  |  by: Wesley David

Back in January of 2011 I announced a ServerFault 10K challenge. The premise was to gain ten thousand points on ServerFault (or, alternatively, the StackExchange site of your choosing). Many joined, only a select few achieved the goal.

Prizes were awarded to those who achieved the 10,000 point goal as well as for those who reached the halfway point of 5,000 points. Ten-thousand point earners won a Buds Luxury Duck and five-thousand point earners won a Buds Mini Duck.

Some of the winners were able to submit a photo of their duckies.

Moirai must be giggling because Philip “Chopper3” Buckley-Mellor already had quite a collection of Buds ducks. This contest allowed him to add to it as well as bask in his Britishness with a fancy Royal Guard duck.

Rob Moir received a pretty polka dotted duck. It matches perfectly with his pretty, pretty pony avatar.

I’m not really sure what’s going on here, but I’m a little weirded out:

Tom O’Connor is a rock star SysAdmin who is not afraid to be a bit edgy, and thus he won a rock star duck:

Here’s to you, ServerFault winners! May the upvotes continue to pour onto your worthy contributions.



9 Feb 2012

Iomega Jaz Disks – Why Didn’t They Take Off?

Posted in: SysAdmin
  |  by: Wesley David

I’ve cleaned many a back room computer closet and found quite a number of artifacts that belie how far technology has come in just slightly more than a decade. One such item is the Iomega Jaz drive. I found a package of Jaz disks at a client and, instead of throwing them out, I dissected them and then threw them out.

I really didn’t know what to expect while cracking the cases open, but what I encountered made me stagger. When I opened up the case, I saw what amounted to a hard drive platter sitting loose on a plastic spindle:

The precious platters were protected by the mighty power of… bendy aluminium.

The bendy aluminium was held in place and allowed the freedom to move by a paper clip. Paperclips make the world go ’round!

I took a few more pictures of the dissection and posted them on my Flickr account. Take a look at the ignominy here.

So how about it? Are you as appalled as I am that such a product made it to the consumer? Spew your ire in the comments below.



6 Feb 2012
