Monthly Archives: September 2009

Barnes & Noble Book Club – how many people is this really good for?

I went to Barnes & Noble over lunch with Mooney to order up some books for my Masterful Leadership class;  look for my thoughts on these books in some upcoming posts.  They will probably be pretty good, the professor evidently loves them and he seems like a pretty awesome guy.

What I didn’t realize was that since my order was over $25 (none of my books were in stock, of course) that shipping was free to my house and I would likely get the books sooner because there wouldn’t be the business of receiving them and notification to go through at the store.  That was a pretty nice surprise.

When I took my receipt up front to pay for the books, of course they asked me if I wanted to become a member as I would save a whopping $10 on this purchase. Mildly interested, I remembered turning this down before so I asked if there were any charges to join. $25 per year was the response from the perky cashier. Given I don’t buy books very often, I declined. They must make money on most people who join, why else would they even have the club? It just becomes mildly annoying when they ask about it every time you buy something. I suppose it is just part of their job…

–Nat

Laminate flooring is down, but not done…

Kristin and I made it to the last row of flooring right now, where we unfortunately ended up about half an inch long.   This means we have to take 1/2″ off about 6′ worth of flooring.  Luckily, D. Meier has a table saw we can use for this.  With any luck, that will make this adjustment rather trivial.

From there we need to work on the threshold and that is going to take some special massaging. The little pieces of wood that are on the interior of the door frame that help the door seal up are too close to the floor on the one side.  We’ll see what I can get done with the dremel, hopefully it is rather painless.  I have no idea how we would go about taking that wood off so that we could cut it in  a more traditional manner.

At least we are a lot closer now than we were Saturday afternoon.  Another plus was the acquisition of a power miter which should prove to be handy in the future…

–Nat

Password complexity and MOTD in ESX 3

Continuing the quest to install ESX 3.02, it came about that we need to enable some password security.  There are a couple of things to do here, the first being to run the command “esxcfg-auth” – this command will bring up the list of commands available which include setting how long the password is valid, how often the password can be changed and when the warning will appear that the password for a given account is going to expire.

The meat of the password security is setting up the password complexity rules.  I found that using --usepamqc=values worked well.  Here is the verbose language:

--usepamqc
Enables the use of the pam_passwdqc PAM module for password complexity checking. It can be configured by passing a 6 value tuple as the value. The tuple is formed from the following information:
- minimum length of a single character class password
- minimum length of a password that has characters from 2 character classes
- minimum number of words in a passphrase
- minimum length of a password that has characters from 3 character classes
- minimum length of a password that has characters from 4 character classes
This does not fully expose the abilities of this powerful PAM module. See the pam_passwdqc man page for more information on how to use this PAM module to enforce password rules on the user’s password.
If you pass a value of -1 for any of the six tuple values, that is understood as disable this option. An example of a tuple is “8 -1 -1 -1 8 4”.

That worked well (with some different values, of course).  The last number, not described above, is the number of times a character can appear in the password.  In this case, that would mean any single character could appear four times.
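After setting the rule, it is worth confirming that a pam_passwdqc policy actually landed in the PAM stack. The check below is an added example, not part of the original post or of VMware's tooling; the file path is an assumption you pass in (for example /etc/pam.d/system-auth), the function names are hypothetical, and the sample line is constructed. It reads pam_passwdqc's own `min=` option rather than the esxcfg-auth tuple.

```shell
#!/bin/sh
# Added example: confirm a pam_passwdqc policy is present in a PAM stack file.
# Assumption: the policy sits on a "password" line of the file passed in.

# Print the value of min= from the first password line that loads pam_passwdqc.
passwdqc_min() {
    awk '$1 == "password" && /pam_passwdqc/ {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^min=/) { sub(/^min=/, "", $i); print $i; exit }
         }' "$1"
}

# Return 0 if every enabled length in min= is at least $2,
# 1 if any enabled length is shorter, 2 if no pam_passwdqc min= was found.
passwdqc_check() {
    min=$(passwdqc_min "$1")
    [ -n "$min" ] || return 2
    old_ifs=$IFS; IFS=,
    for n in $min; do
        case $n in
            disabled|-1) ;;   # this kind of password is switched off
            *) [ "$n" -ge "$2" ] || { IFS=$old_ifs; return 1; } ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# Demo on a constructed sample line (not copied from a real ESX host).
demo() {
    sample=$(mktemp) || return 1
    echo 'password required pam_passwdqc.so min=disabled,12,12,9,8 match=4' > "$sample"
    if passwdqc_check "$sample" 8; then
        echo "policy OK: min=$(passwdqc_min "$sample")"
    else
        echo "policy weak or missing"
    fi
    rm -f "$sample"
}

if [ "${1:-}" = demo ]; then demo; fi
```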

To add a nifty warning message when a user logs on, simply create a file titled “motd” in /etc and add your message.  Easy!

–Nat

Vikings Win, 10-6 on the PickEm, Cyclones Win

It’s going to be a better week as the Vikings won, what is really pretty crazy is that the Vikings appear to be a second half team this year as  both of their wins have come out of second half rallies.  Admittedly, both of the teams were pretty awful.  The Browns got blown out by Denver this week, Detroit is Detroit.  We’ll see how they fare against San Francisco next week, another team that is also 2-0.  At least it will be a home game, with the winning record it shouldn’t be blacked out.

PickEm was rougher as expected, especially as I lost big points on the Patriots, not to mention the failure of starting Brady in one of my fantasy leagues.  Philip Rivers turned out to be a good start in my other league, and holy crap Frank Gore.  You and Adrian Peterson single-handedly filled out my skilled positions score…

Yesterday was the day the Cyclones broke their record-setting 18 away game losing streak at Kent State.  I have to believe they paid Kent State even more than other years so they could play them on the road.  Ah well, a win is a win even though it is apparent they still have issues at the QB position.  Kristin and I are looking forward to traveling to Ames and seeing the Cyclones handle Army.  They should handle Army, anyway.  They should be able to beat Colorado and with any luck surprise a Big 12 school at home.  Four or five wins coming off a year in which they won two games.

I should note that I am using the “Clone Zone” streaming audio to enjoy the games.  Wish it was free, but at the same time it is pretty amazing that it all works.  A decade ago, I would have been simply out of luck.  I wish I could buy the games singly instead of signing up for a subscription.  It’s the kind of thing that I will remember the day after I get charged for another month…  I’ll keep it for the whole season if they can stay in games.  The Iowa game was embarrassing to listen to.

–Nat

Pro Football 2009, Week 2

Today should be a pretty exciting day for Vikings fans with the team on the road to Detroit. If Detroit’s defensive performance against New Orleans (Drew Brees threw for *six* touchdowns) is any indication, the Vikings should be able to roll over them. Will that happen? Unlikely, the Vikings always seem to play to the same level as Detroit. Let’s just hope they win, that’s what has to happen…

My Yahoo! Pro Football Pick ’em is bound to get worse this week, as I had a perfect set of picks last week. Pulling for the Browns, Cardinals, and the 49ers as upsets this week, I think.

Which reminds me, I need to go tweak another fantasy league – get Percy Harvin up into my starting lineup…

–Nat

Working on the office…

Kristin and I are putting in some laminate flooring to compensate for the fact the previous flooring was installed around the cabinets that were installed.

Should be a good time, Kristin has been reading up on it and we are going to start tomorrow morning after finishing the last of the prep work tonight.  We’ll see how the ol’ manual miter box works for me 🙂

–Nat

TeamJuchems Backup Plan Hits a Snag *Update*

Update:

So, I am a moron.  That’s the idiot error you get when you don’t type the password right in your script.  Yep, got it now.

Original:

Well, crap.

insufficient rights to host operating system

The dreaded UAC controls and security model in Server 2008/Vista have reared their head and I think it’s going to be complicated to work within their rules.

My plan hinged on the automated shutdown, copy and then restart of my Ubuntu server VM.  There are two obvious hurdles to this plan.  The first is acquiring/writing a script to do this.   Secondly, I don’t believe that VMware tools has been successfully installed on the Ubuntu server – I spent a lot of time on that, custom compiling, adding packages, etc.  This seems to have been ineffective so far, but I think that should be somewhat easy to overcome.

Back to the first issue, the automation.  It seems that unlike the big boy version of VMware, VMware Server 2.x doesn’t have a built in task scheduler which would have just been too darn easy.  It does come with an executable that should be an enabler, however.  This script I found would work really well.  The issue is that the script blows out when it hits the “vmrun.exe” because even running the command prompt as administrator doesn’t pass on the necessary rights elevation.  Looks like I could do some fanciness in VB that would make this work…

I am going to try and run the commands singly in task manager to see if the “run as” there is effective.  Probably not, but I can hope.  Time to dig into that, which is just fantastic and will require some local group policy work.  Once I have a fix, it might actually be useful to others.  We’ll see.  Ideally I’ll find a fix that works within the default Server 2008 security model which would make it much more portable.

–Nat

Internal DNS FTW

I finally got Windows DNS up and running on my Windows Home Server after putting it off for a year or so.   It seems trivial, but I view it as one more configuration item to recreate after a rebuild.   I hope that my current WHS lasts about forever (I built it with 3 to 5 years in mind) but the system drive could always fail – not to mention that WHS2 should be out before too long.  Once WHS is 64 bit, I’ll consolidate my main VMware Server instance onto it and it will be nice to be down to basically one server in the house.

Anyway, I had a couple challenges, but mostly those were due to configurations across my two networks (one behind the G router, the other behind the N router.)  The long term solution is to flip both of those into AP mode and do all my configuration on the SMC gateway but that is an undertaking for another day.  The other was related to flushing the DNS cache on the DNS server itself.  Seems obvious, right?  Well, I wasted about twenty minutes before I caught on to it.

I switched over to OpenDNS for my external DNS servers and that seems to have sped up internet browsing a touch.

The last thing to do is to have DHCP append a domain (so atlas will be atlas.jhome) to PCs and then set up a zone for that on my DNS server.  That way name resolution will be tidier and I can set up reverse zones and such.

And the next last thing to do is to set up another Windows host for DNS so I don’t have to worry about maintenance activities upsetting our LAN and internet access.

It just never ends!

–Nat

Fear Mongering Over Virtualization

Dailytech Virtualization Article

Seriously?  A dark side to virtualization?  If virtualization technology is phased in by someone that has a clue this cannot be an issue.  Take something like Exchange 2007 – will the performance be worse virtualized?  Yep.  But what kind of horsepower do you really need for 100?  Or 1,000?  A modern server on the VMware HCL that is configured reasonably should be able to take 30 to 40 servers, which means that many SMBs could get away with a two node cluster.

Virtualization allows for enormous flexibility.  Even if you run the most basic version of VMware ESX, you’ll get fully encapsulated virtual servers that you can back up cheaply with a product like vRanger from Vizioncore for complete, bare metal backups.  You could run two or three servers per host and see incredible DR and utilization benefits very cheaply.

If the issue for SMBs is that they are going to be dumb and deploy a technology in a way that dreadfully increases risk that’s not a technology problem.  That’s a stupid person problem.

It really sounds like the analyst wanted to say something to stir it up.  Congrats, man, but you just sound ignorant.

–Nat

More fun with legacy ESX 3.02

I’ve gotten really spoiled recently (say, for the last two years) on setting NTP on ESX servers.  I found a nifty script that would take an answer file, do all the necessary firewall and startup tweaking and that was that.

Unfortunately, it only worked if I used a certain version of WinSCP and my Dell 620.  For whatever reason, any other combination broke the script (confirmed by other admins here).   Well, the 620 died a couple months ago, just after my cube migration.   I didn’t bother fixing the script because recent (as in published in 2008 or newer) versions of ESX added NTP configuration to the GUI and that has worked fine.

Now, I am installing 3.02 again and NTP configuration looks like this:

(1) update /etc/ntp.conf

restrict 127.0.0.1

restrict default kod nomodify notrap

server xxxx

driftfile /var/lib/ntp/drift

(2) update /etc/ntp/step-tickers

xxxx

(3) update /etc/hosts (if using hostname)

(4) Using PuTTY or similar, go to the console, log in as root and run the following command. This opens the appropriate ports and enables the NTP daemon to talk with the external server.

root@esxhost# esxcfg-firewall --enableService ntpClient

(5) Restart the NTP service.

root@esxhost# service ntpd restart

(7) Now you can set the local hardware clock to the NTP synchronized local system time. Run:

root@esxhost# hwclock --systohc
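The same procedure as a repeatable script, so a rebuild does not depend on retyping it. This is an added example, not the script from the original post or the VMware Forums; the function names, the staging-root argument and the server name ntp.example.test are hypothetical. It rejects server names containing anything but letters, digits, dots and hyphens, so a stray space or newline cannot add extra directives to ntp.conf.

```shell
#!/bin/sh
# Added example: steps (1) and (2) written to a staging root or the live
# system, then steps (4), (5) and (7) applied on the ESX service console.

# usage: write_ntp_config NTP_SERVER [ROOT]
# ROOT is an optional prefix; leave it empty to write /etc/ntp.conf directly.
write_ntp_config() {
    server=$1
    root=${2:-}
    case $server in
        ''|*[!A-Za-z0-9.-]*)
            echo "refusing NTP server name: '$server'" >&2
            return 1 ;;
    esac
    mkdir -p "$root/etc/ntp" || return 1
    cat > "$root/etc/ntp.conf" <<EOF
restrict 127.0.0.1
restrict default kod nomodify notrap
server $server
driftfile /var/lib/ntp/drift
EOF
    echo "$server" > "$root/etc/ntp/step-tickers"
}

# Must run as root on the host itself; stops at the first failing command.
apply_ntp() {
    esxcfg-firewall --enableService ntpClient &&
    service ntpd restart &&
    hwclock --systohc
}

# Example (constructed server name): stage the files and review them first.
#   write_ntp_config ntp.example.test /tmp/ntp-stage
#   write_ntp_config ntp.example.test && apply_ntp
```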

Sheesh.   Props to the VMware Forums for coughing up that bit of goodness.

I like the GUI better...I like the GUI better...

–Nat