Geek Stuff



A few days ago, I posted an article about creating a hidden share on a Mac server. Well, apparently, with Apple, from version 10.5.8 to version 10.6.x, the way things work actually changed. What a shocker! OK, sarcasm aside, here’s what happened.

In OS 10.5.8, there used to be a file in /var/samba/shares that could be renamed with a “$” sign at the end to make an existing share hidden.

In OS 10.6.2 and above, that “shares” directory just disappeared, and therefore my idea about creating hidden shares with this method became obsolete.

So, I went back out there googling for a solution. Unfortunately, I did not find anyone dealing with this issue in a single forum I visited (strange?), so I started digging in the Samba documentation to see if I could somehow work around it in the Samba configuration to allow the hidden shares to show up.

Here’s what I found:

Samba, in Snow Leopard, keeps its configuration in /var/db/samba. The file of interest is /var/db/samba/smb.shares. In traditional Samba configurations, shares get their configuration from smb.conf; in this situation, however, smb.shares is the file needed.

So, let’s put down the scenario I was in and how I resolved it:

The Snow Leopard server was the SMB server for home folders, for both Mac workstations and Windows workstations. The home folders for the Macs were at the following path: /Volumes/StudentData/User/Students

The SMB share from within the OS X GUI was pointing exactly at that path, and was shared as a non-hidden share called: Students. When creating the Mac home folders, this is the path that gets looked at, and gets the users’ home folder. That’s a no-brainer. However, when Windows workstations need to map the home directory, they need a different path, mostly because my Windows infrastructure is standardized to the format of: \\servername\user$\students.

From the GUI, as far as I know, it’s impossible to create a separate share point to the same physical path. However, in SMB it’s possible. Unfortunately, this was not the only challenge, because, even if it was possible to create multiple share points within the GUI, there is no way to make it a hidden share.

So the idea is to create a config file in SMB that will do what we need.

Caution: The file we’re going to change has a warning at the top that says: # This file is automatically generated, DO NOT EDIT! This is nothing to worry about in this case, as long as you are aware that this statement is actually TRUE! Meaning, if you go back to the GUI and modify any of the shares, this file is going to revert to its default, overwriting any changes you made outside of the GUI. So consider yourself warned, and make sure that you keep your changes somewhere that you can restore from after you make modifications to GUI share points.

Edit the file: /var/db/samba/smb.shares

For the configuration above, the file would look something like this:

#
# Configuration options for smbd(8), nmbd(8) and winbindd(8).
#
# This file is automatically generated, DO NOT EDIT!
#
[Students]
comment = Students
path = /Volumes/StudentData/User$/Students

available = yes
guest ok = yes
inherit permissions = yes
create mask = 0644
directory mask = 0755
oplocks = yes
strict locking = 1
read only = no
Browseable = yes
[global]

In order to make the hidden share accessible via \\servername\user$, we’ll add the following section before the [global] section.

[User$]
comment = Users
path = /Volumes/StudentData/User$
available = yes
guest ok = yes
inherit permissions = yes
create mask = 0644
directory mask = 0755
oplocks = yes
strict locking = 1
read only = no
Browseable = no

[global]

What we have effectively done in this case is create a share that is non-browseable for Samba (by setting the “Browseable = no” argument), and name the share User$, which is how Windows marks hidden shares. By combining the way both OSes understand hidden shares, we have satisfied all the requirements needed for both Mac home folders and PC shares, which no longer have to comply with the exact nomenclature that OS X pins us down to. (Take that Apple!!)
Make sure to restart SMB on the OS X server any time you make a change.
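One way to keep the hand-added stanza in a separate file and re-apply it after a GUI change regenerates smb.shares, plus a check that lists shares accepting guest writes (the “$” suffix and Browseable = no only hide a share from browse lists, they do not restrict access). This is an added example, not part of the original post; the function names and the saved stanza file are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the saved
# stanza file are assumptions; the sample files in demo() are constructed.

# has_share FILE NAME: succeed if a [NAME] header exists (literal, case-insensitive).
has_share() {
    awk -v want="[$2]" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        tolower(line) == tolower(want) { found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# restore_share FILE STANZA NAME: put the saved stanza back before [global]
# when a GUI change has regenerated FILE. Prints "present" or "restored".
restore_share() {
    file=$1; stanza=$2; name=$3
    if has_share "$file" "$name"; then echo present; return 0; fi
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v stanza="$stanza" '
        function emit(   l) {
            while ((getline l < stanza) > 0) print l
            close(stanza); print ""; inserted = 1
        }
        !inserted && tolower($0) ~ /^[ \t]*\[global\]/ { emit() }
        { print }
        END { if (!inserted) emit() }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # overwrite in place, keeping owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo restored
    return "$rc"
}

# guest_writable FILE: list shares that accept guest connections and writes.
# Samba ignores case and spaces in parameter names; defaults: guest ok = no, read only = yes.
guest_writable() {
    awk '
        function report() { if (name != "" && guest && !ro) print name }
        /^[ \t]*\[/ {
            report(); name = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", name); guest = 0; ro = 1; next
        }
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            on = (val == "yes" || val == "true" || val == "1")
            if (key == "guestok" || key == "public") guest = on
            if (key == "readonly") ro = on
            if (key == "writeable" || key == "writable" || key == "writeok") ro = !on
        }
        END { report() }' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# This file is automatically generated, DO NOT EDIT!' \
        '[Students]' 'path = /Volumes/StudentData/User$/Students' \
        'guest ok = yes' 'read only = no' 'Browseable = yes' \
        '[global]' > "$dir/smb.shares"
    printf '%s\n' '[User$]' 'path = /Volumes/StudentData/User$' \
        'guest ok = yes' 'read only = no' 'Browseable = no' > "$dir/user.stanza"
    restore_share "$dir/smb.shares" "$dir/user.stanza" 'User$'   # restored
    restore_share "$dir/smb.shares" "$dir/user.stanza" 'User$'   # present
    echo "guest-writable shares:"; guest_writable "$dir/smb.shares"
    rm -rf "$dir"
}
demo
```

With the configuration shown in this post, both Students and User$ are reported, because each combines guest ok = yes with read only = no.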






This post is a note to self, as well as a note to any geek out there who has the misfortune of dealing with moving Active Directory accounts across domains.

So, as you may know, I use User Management Resource Administrator (UMRA) to manage my 34,000 students. Some of the challenges I have were more or less self-inflicted, pre-Windows 2008, and the ability to do granular control of password complexity rules. That is for another topic though. I have to allow my script to move accounts from one domain (DOMAIN1), for elementary students, to the second domain (DOMAIN2) for the secondary students.

If you know about Active Directory, and Security Groups, you will quickly realize that the scope of the security groups in which the AD object resides, and/or any attributes that don’t comply with the second domain will stop the process from migrating that object from one domain to the other.

As of last year, I had 2 main domain controllers holding the FSMO roles without any particular distribution of roles, so my process would work fine. This year, as I’m running the scripts to import the students, every single account that needed a cross-domain migration failed, with the ugly error:

Error 0x80072035 (8245) moving AD object. Error moving-renaming object. The server is unwilling to process the request. (-2147016651)

Yup, that’s ugly, but fortunately, as I explained above, it is caused by incompatible attributes between the two domains, and is therefore fairly easy to fix.

Of course, since my scripts haven’t changed at their core from last year to this year, I didn’t know what was going on.

After additional research, here’s what I found out:

Moving an Active Directory object from one domain controller to another requires that the server to which the object is bound for the move operation hold the RID Master role. Well of course, this summer, when I added additional domain controllers to the child domain, I didn’t think of that one line in the 3000 line script. Well, it broke stuff!

Sure enough, after changing the object binding from a non RID Master domain controller, to the RID Master domain controller, everything was peachy again.

What we take out of this: When moving Active Directory objects from one domain to the other, within the same forest, the operation needs to be bound to the domain controller holding the RID Master role.






VMware View 4, though great when it’s working, is a real pain when it’s not working or something is broken. I am constantly learning new things with it, and sometimes have to take riskier steps than others, especially since VMware support is less than useful most of the time.

Today’s issue is related to creating a pool of machines, where one of the machines exists in vCenter and in the Composer DB, but for some reason does not get listed within the pool. At this point, the pool trying to create that VM conflicts with the actual VM that exists in vCenter, as well as the database entries that exist in the Composer DB.

Disclaimer: the following steps involve messing with the VMware Composer database. I take no responsibility if you end up messing up your Composer DB. BACKUP, and proceed at your own risk!

Now that the disclaimer is out of the way. Let’s look at the steps to bring your pool back to life.

  1. Delete the VM from the datastore, or from within vCenter, “Delete from Disk”
  2. Go to the Active Directory OU where your pool workstations exist, and delete the computer object from there
  3. Open up the Composer DB database with SQL Management Studio, and you need to delete some entries related to that VM:
    - SVI_VM_NAME where NAME is the deployed VM name
    - SVI_VM_COMPUTER_NAME where NAME is the deployed VM name
    - SVI_SIM_CLONE where VM_NAME is the deployed VM name.
    Before you perform this last query, there are 3 other rows to delete, as they have constraints on them:
    - SVI_SC_BASE_DISK_KEYS where PARENT_ID is the ID from SVI_SIM_CLONE
    - SVI_TASK_STATE where SIM_CLONE_ID is the ID from SVI_SIM_CLONE
    - SVI_SC_PDISK_INFO where PARENT_ID is the ID from SVI_SIM_CLONE

After you perform the above steps, check out your provisioning, or re-enable it if it had been disabled due to the error, and things should continue along without a problem.






As I usually do occasionally on my phone, I went to the App Store to check for updates. Since the release of iOS 4, one of the main reasons I repeatedly checked for updates was due to the Skype application.
There was an application for the iPhone called Fring, which, in and of itself, is a great app. For a little while, they even supported the Skype protocol, which was exciting. Not too long after its release though, Skype and Fring got into some legal battle, and since then, Fring removed its support for Skype.

Well this morning, my day was made! Skype finally released its iPhone update, which makes Skype iOS 4 compatible. More specifically, allows Skype to be run in the background. I had always wondered what this would mean, for Skype running on the iPhone, when both my cell number AND Skype number are connected to my Google Voice number, the latter of which is the one that I give out to people.

So I decided to do a quick test:

First I opened up Skype and put it in the background, then I called myself on my SkypeOut number. A push notification popped up on my phone with the Skype ringtone, and I was able to pick up the Skype phone call. FTW! I pretty much expected this test to work ok.

The real test, however, was the case where I would receive a phone call on the Google Voice number. I was wondering how my phone would handle this. Well, it was surprisingly good. When I dialed my Google Voice number, my phone’s ringtone actually sounded, the Skype ringtone did not, however, the push notification still popped up for the Skype call, while the cell number was ringing. Granted, the push notification goes behind the dialer window, so I had to reject the cell call, and then click on “Answer” on the Skype notification. At this time, the Skype app was foregrounded, and the Google Voice greeting sounded.

In a couple of instances, when dialing the GV number, the Skype push notification didn’t actually show up, and that may be due to the order in which Google Voice dials, or rather, establishes a connection to my devices. Not really a big deal, and I’m not even sure that there is a way to really make this problem completely disappear. After all, the way I’m using my cell number and the Skype number under a Google Voice number is probably not a very common way people will use these services, but in my mind, if the more complex setups work, then the simpler ones will definitely work.






Recently I have been trying to use Google Chrome as my main browser, just to see how it would compare with Firefox, and surprisingly, I’ve been quite impressed, to the point where I don’t really mind it. There are a few things that are not completely up to par with Chrome, like some websites (forms) not working quite correctly, and some utilities and extensions that I used in Firefox don’t work quite the same in Chrome. Fortunately, the gap is being filled by having most of these utilities that would otherwise be browser-based, convert to being server based (or in the cloud). Most recently, GMAIL’s formatted HTML signatures becoming native within the GMAIL settings, eliminating the need to use an extension from Greasemonkey, or WiseStamp.

I digress regarding the comparison of Google Chrome vs. Firefox, at least for the purposes of this article. What I really wanted to address is a nice feature that I recently just discovered in Chrome, and that is the Address Bar searching, without any added extensions. If you are a Firefox user, this would be quite close to the functionality of the Omnibar extension.

If you do use Chrome on a regular basis, you may already know that typing any terms in the address bar will perform a search in Google. However, did you know that if you wanted to search elsewhere, there is a whole slew of search engines that can be pointed to straight from the address bar? You can get to it by right clicking on the Address Bar, and selecting: “Edit Search Engines”…

Once you do that, you will get the list:


From here, you can change the search engines that can be used, along with the keywords associated with them. For any search engines that may have overlapping first characters, you just have to type enough letters of the search engine to make it unique, and press tab. For Wikipedia, I type wik and press tab:


Then type your search query and press enter, and voila, you are in Wikipedia, with the search results.


Pretty slick!






If you have a Google account of any sort, you are likely using one of Google’s many services.

One of the issues always talked about regarding Google, is how much data they have on you. Of course, there are things like your “Web History” that you can check out. But if you use Picasa, Google Docs, Gmail, Gmail Contact, Google Voice, etc … there is quite a lot of additional information that Google has about you.

Today as I was looking at my account settings, I found an interesting link, which I had never seen before, and that is your Data Dashboard. If you go to this link while logged in to your Google account, you will see a list of all the services, and an overview of what data you have stored in each of these applications. Quite enlightening, in my opinion. As a matter of fact, by looking there, I found out that I had some files scattered in some Google services that I once tried, like Google Sketchup, and never deleted its content. Imagine what more you may be able to find if you go through this exhaustive list of services, you may be surprised.

Give it a shot and see how much of “you” Google owns.






I got my hands on a copy of Mac Office 2008, and was so excited to check out the new Entourage, since I’ve always had gripes about the lack of functionality of Entourage. Well, turns out that all Microsoft did with Entourage is add a few eye candy features, and ship it back out. I figured, in 4 years, they would’ve had enough time to invest in sprucing up the functionality to become at least comparable to the PC version. I was wrong!

I am just recently a Mac person, and never really had any bias towards Mac users, but now that I have my own Mac, I will refer to “US MAC USERS”! :-P We feel left out.

Here’s my opinion about it though: ever since Leopard came out with the spiffed up version of OS X Mail, I’ve been using that with no complaints. OK, maybe a couple, like the lack of a nice archiving system like the PC version of Outlook has, and which Entourage STILL doesn’t have! I have not tested full functionality of Office 2008, because I’m still dealing with the initial shock of disappointment!!

At this point, I’m thinking of reverting back to OS X Mail, and using the PC version running Office 2007 on my Parallels VM. Kludgy? Maybe, though with the Parallels tools installed, the locations of my files don’t even matter.

Before I finish my rant on Office, I have one more gripe! Pricing!

Hello!? $400??? for the standard version of Office 2008 that actually supports connection to Microsoft Exchange. Hmm… I work for a school district, and when they create a version of office that says on it “Teacher and Student edition” … I would expect all teachers and students jumping on that version, when, in reality, in my case, 100% of the teachers will actually need Exchange functionality! So now, $150 for the retail price of the Teacher and Student edition won’t be enough anymore, and the $399 edition will be required. Granted, educational pricing will probably still be lower than that, I think that the featureset that got offered in this version does not deserve this big hype, and certainly not this high price!

Oh, and I don’t believe I’m the only one that had this issue with Office 2008 for Mac… reading reviews about it, I see these complaints all over… Microsoft! Get on the ball with Mac users!






I am a relatively new Mac user, and I am still learning the ropes. One of the things that I used to be able to do very easily on the PC was to create an ISO (CD image file) from a CD. On the Mac, I attempted to do it using Disk Utility, which is a native tool that comes with OS X, but it does not really do the job. So, after a little bit of research, I found a cool way to do it, which is fairly easy. For this to work, you probably have to be a little comfortable using your “Terminal” application. I will try to put the steps in as much detail as possible, so that you can follow along:

Disclaimer: Please note that the tool used in this article (dd) can be dangerous, and, if used incorrectly, can end up wiping your whole hard drive, so, consider yourself warned!!

- Open “Terminal” : Applications / Utilities / Terminal

- With your CD mounted (you should be able to see the CD on your desktop), type:
df -h
The important line is /dev/disk1s1s3 . This is the device reference to your CDROM drive.

This number may vary, and in order to be sure that your CD device reference is the correct one, you can run the following command, which should give you at least the first part of the device, without the reference to the volume:

drutil status
This /dev/disk1 is the CD Drive.

- Unmount your CD:

diskutil unmountDisk /dev/disk1
Disk /dev/disk1 unmounted.

- Now create the ISO

dd if=/dev/disk1s1s3 of=mynewcd.iso bs=2048

- When the process finishes, you should be able to mount that image using this command:

hdid mynewcd.iso

Or you can mount it by double clicking on the iso file, and it should show up on your desktop.

Gotchas:

- The main problem that I had with this process was referring to the CD device instead of the volume that I needed to rip (i.e. /dev/disk1, as opposed to /dev/disk1s1s3). If you use dd and get the final file, it’ll look fine, but when you try to mount it, you will get an error. So make sure you refer to the correct volume.

- Make sure that you are writing the ISO file somewhere within the filesystem where you have WRITE access. The safest place would probably be your home directory, so your dd line would be best that way:

dd if=/dev/disk1s1s3 of=~/Desktop/mynewcd.iso bs=2048

This will actually write the file straight on your desktop, and you won’t have to go looking for it after the process is done.

This ISO can then be burned at a later time.






Have you ever heard of the phenomenon that happens with some community sites that come around? If you are even the slightest internet user, you would be aware of eBay, MySpace, Facebook, etc …

With all my experience on these sites, and these communities, I had not known about the site I’m going to introduce you to until just recently. It is, indeed, a cultural phenomenon in itself… when you go to it, and start participating in the forums, you will know why.

Let’s start with the basics: the site is called WOOT!, and you can find it at http://www.woot.com

The concept of the site is actually very simple: They place one item up every day for a ridiculously cheap price, and you can buy it for that price. It’s that simple. When I say cheap, I’m talking 60, 70, or 80% off the retail price. Granted, sometimes, for electronics, the items are refurbished, but they are great nonetheless. Also, a lot of items are actually brand new, and a lot of times, their items come in a 2 for 1 package, which ends up being a truly amazing price for that item.

I have personally purchased a refurb vacuum cleaner from there, and it is working like a charm.

If that isn’t enough, there is actually an event that happens every so often, and it is called a “Woot Out” … where they basically have a marathon of items on display, as soon as the item is out of stock, they put up the next one, and the next one. The trick to that, is that there is no way for us to know how many (quantity) of a particular item they have, so basically you have to keep looking. The deals that come up during a Woot Out! are unbelievable, sometimes very stupid, but sometimes really good.

The cultural piece to that is the fact that people who are hooked on this site actually spend an all-nighter waiting for the next item, so as not to miss out on something that may be cool. The forums, during these events (and even regular days, for that matter), are hilarious… check them out…

Are you convinced? No?? Seriously? OK… here’s one more thing… during a Woot Out!, there is one special item, which is, hilariously, called the Woot “Bag of Crap”. Yup, you heard it right, the site has a weird sense of humor, but nothing dirty ever, so you can safely let your kids go to it. OK, back to the “Bag of Crap”… it’s basically, well, just that, colloquially speaking, of course :)

The best deal about this bag is that you only pay $1 for it, that’s it! It doesn’t matter what is in it, sometimes valuable stuff, and sometimes, not so valuable, but what can you lose for $1…

I personally have never gotten the “Bag of Crap”, because, I’m not known to have that lucky streak, but I know other people have, and maybe if you end up getting it sometime, you can tell me what’s in it :)

I hope that you liked this little review about Woot! , and perhaps you will start taking a look at it like I do.

And by the way, if you end up getting hooked, and you happen to use Firefox, you can download a Woot Watcher Add-On, which will show you the current woot in your firefox taskbar, kind of a cool little utility, though to be honest, it doesn’t update as often, or as I’d expect it to, but it works, sorta :)






If you’ve never heard of Zoho, you may be wondering what the heck that subject means. Well, it’s very easy to explain: 99% of users have used an office suite of some sort, whether it be Microsoft Office, Microsoft Works, Open Office, or any other product. Unfortunately, up until very recently, most of them were actually offline productivity tools. With the new and upcoming Web 2.0, the world has changed, and shifted to online collaboration and productivity tools.

If you are at all involved in the online world, you may be familiar with the Google Docs applications. Zoho is a very similar set of online tools, whose sole purpose is to not only provide a set of applications that seamlessly integrate together, but also allow for simple collaboration between groups. The applications range from anything simple like creating a Word document or an Excel spreadsheet, to creating a full-fledged application with a backend database supporting it, using a very user friendly interface, as well as options to script the application manually (for advanced users) using the Deluge scripting language.

One of the very cool features that I personally like about Zoho is that they allow you to embed any application, anywhere. They also have plugins for Outlook, to collaborate when using their CRM product, as well as other plugins to integrate with other office products, as well as Facebook.

Now, even you can create something really cool to impress your friends on your MySpace page, or even your professional website, collecting customer’s contact information, or a poll or what have you …

If you are intrigued as to what Zoho can do, you can check out that YouTube video that gives a brief demonstration of the product.


You can also run this search to get a whole slew of additional videos that demonstrate the different products that Zoho offers.
