I had been using a Firefox plugin called New Tab Jumpstart which for new tabs shows like a splash of recently used pages much like you get with Chrome. I found that it was rarely useful and I was only using a single page from it, if anything. So I removed that plugin and found the feature I needed in Tab Mix Plus. You can control what appears in a new tab including a specific URL. Since my "home page" is 3 pages, the "home page" isn't quite what I need, but a specific URL does just the trick.
So there, now I use 2 features of Tab Mix Plus, but it was already #1 in my Essential Plugins simply for the mouse-wheel tab scrolling.
Friday, 10 September 2010
Tuesday, 3 August 2010
Access Control Lists and Ubuntu
Basic UNIX permissions: Owner, Group, Others and each with Read, Write, Execute, plus a handful of special permissions (setuid, sticky bits, etc). Covers 90% maybe say 99.9%, but not 100%. Sometimes, you really just want to grant more than just the "owner", "group", "everyone" permissions so you need Access Control Lists (ACL).
To get ACL support, your file system must support ACLs. If you're using a file system created this century, it probably supports ACLs. ACL support is usually an option for the file system which can either be set to default on (with tune2fs for example) or can be turned on at mount time with the "acl" option (e.g. in fstab). Some distros simply default the file systems to have acl on (Fedora, RedHat EL) and others don't (Debian, Ubuntu).
To view or manipluate ACLs you also need acl tools: getfacl and setfacl. Distros usually have a package called "acl" available which provides these utilities and with the distros that have ACL defaulting on for file systems (RedHat etc), the package is pre-installed.
First thing you'll want to know is how to read an ACL. The utility "getfacl" (Get File ACL) can show you the ACL. This is what a file looks like that doesn't have an ACL:
For files that have ACLs, you will see they have a "+" in their permissions list when using your regular ls -l and then you can view the ACL again with getfacl:
As you can see, this is the same directory, but rather than granting global read/execute as under UNIX permissions, we've granted instead read/execute to two specific users with ACLs. These ACLs were created with setfacl (Set File ACL):
If you get some error trying to use "setfacl", it's because the file system does not have the ACL option turned on. Add "acl" to the mount point in fstab and then remount the file system.
The last handy thing you may want to know is that getfacl and setfacl can be used to dump and restore ACLs. With getfacl, you can recursively pull all ACLs and skip files that have only base ACLs (UNIX permissions only). This dump can then be re-applied with setfacl. You will find this useful as not all tools that handle files handle ACLs - specifically tar.
That's Access Control Lists for you. There's no reason not to use them - they're widely supported and very useful.
Enjoy!
- Arch
To get ACL support, your file system must support ACLs. If you're using a file system created this century, it probably supports ACLs. ACL support is usually an option for the file system which can either be set to default on (with tune2fs for example) or can be turned on at mount time with the "acl" option (e.g. in fstab). Some distros simply default the file systems to have acl on (Fedora, RedHat EL) and others don't (Debian, Ubuntu).
To view or manipluate ACLs you also need acl tools: getfacl and setfacl. Distros usually have a package called "acl" available which provides these utilities and with the distros that have ACL defaulting on for file systems (RedHat etc), the package is pre-installed.
First thing you'll want to know is how to read an ACL. The utility "getfacl" (Get File ACL) can show you the ACL. This is what a file looks like that doesn't have an ACL:
getfacl torrentflux
# file: torrentflux
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
group::r-x
other::r-xFor files that have ACLs, you will see they have a "+" in their permissions list when using your regular ls -l and then you can view the ACL again with getfacl:
$ ls -l
drwxr-s---+ 7 www-data www-data 4096 2009-11-21 15:06 torrentflux
$ getfacl torrentflux
# file: torrentflux
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
user:archangel:r-x
user:aandrea:r-x
group::r-x
mask::r-x
other::---As you can see, this is the same directory, but rather than granting global read/execute as under UNIX permissions, we've granted instead read/execute to two specific users with ACLs. These ACLs were created with setfacl (Set File ACL):
$ setfacl -m user:archangel:rx torrentflux
$ setfacl -m user:aandrea:rx torrentfluxIf you get some error trying to use "setfacl", it's because the file system does not have the ACL option turned on. Add "acl" to the mount point in fstab and then remount the file system.
The last handy thing you may want to know is that getfacl and setfacl can be used to dump and restore ACLs. With getfacl, you can recursively pull all ACLs and skip files that have only base ACLs (UNIX permissions only). This dump can then be re-applied with setfacl. You will find this useful as not all tools that handle files handle ACLs - specifically tar.
That's Access Control Lists for you. There's no reason not to use them - they're widely supported and very useful.
Enjoy!
- Arch
Sunday, 1 August 2010
DSL Speeds
Just came across this article on the BBC:
http://www.bbc.co.uk/news/technology-10774406
"The survey found that for DSL services advertised as being "up to" 20Mbps, only 2% of customers got speeds in the range of 14-20Mbps. Of the others, 32% were getting a 8-14Mbps service and 65%, 8Mbps or less."
2% of users get 75% (or better) of advertised speeds? That's pretty damned harsh. That's the kind of thing that your customers ought to know up front.
But that's DSL for you. The article gives a fairly good explanation of some of the reasons why DSL sucks. What we need is fiber-to-the-home and none of this DSL crap:
http://www.newswire.ca/en/releases/archive/February2010/04/c6687.html
http://seekingalpha.com/article/197137-competition-is-starting-to-weigh-on-rogers-communications?
http://www.bbc.co.uk/news/technology-10774406
"The survey found that for DSL services advertised as being "up to" 20Mbps, only 2% of customers got speeds in the range of 14-20Mbps. Of the others, 32% were getting a 8-14Mbps service and 65%, 8Mbps or less."
2% of users get 75% (or better) of advertised speeds? That's pretty damned harsh. That's the kind of thing that your customers ought to know up front.
But that's DSL for you. The article gives a fairly good explanation of some of the reasons why DSL sucks. What we need is fiber-to-the-home and none of this DSL crap:
http://www.newswire.ca/en/releases/archive/February2010/04/c6687.html
http://seekingalpha.com/article/197137-competition-is-starting-to-weigh-on-rogers-communications?
Thursday, 1 July 2010
Upgrade from Ubuntu Server 8.04 to 10.04
Well, decided that today was the day to do the upgrade of my server, Alia, from 8.04 to 10.04. And, since I'm able to post, you can guess that it went generally fine.
It was quite brilliant really. I just ran the following command and followed the prompts:
So far, everything looks good. New kernel (2.6.32 from 2.6.24), MySQL (5.1 from 5.0), Apache, Postfix, slapd, etc etc. The one that looks like needs some babysitting is Dovecot which requires an updated config file.
Everything else worked "out of the box". And I'd consider this system fairly customized in the sense that a wide variety of applications have been installed but where possible (and almost entirely), taken from the Ubuntu repositories.
So if there's anyone else out there still waffling, do it! Do the upgrade!
- Arch
It was quite brilliant really. I just ran the following command and followed the prompts:
do-release-upgrade --proposedSo far, everything looks good. New kernel (2.6.32 from 2.6.24), MySQL (5.1 from 5.0), Apache, Postfix, slapd, etc etc. The one that looks like needs some babysitting is Dovecot which requires an updated config file.
Everything else worked "out of the box". And I'd consider this system fairly customized in the sense that a wide variety of applications have been installed but where possible (and almost entirely), taken from the Ubuntu repositories.
So if there's anyone else out there still waffling, do it! Do the upgrade!
- Arch
Wednesday, 23 June 2010
Keeping Copies of Group Emails
One of the things that's a bit ghetto of groups in Google Apps is that groups are really just a glorified alias file. Users cannot manage their subscription, get emails delivered in batches, and there's no message archive unlike Google Groups or a Mailman managed list. And this is the same problem with Microsoft Exchange (at least up to 2007, probably 2010 too).
Okay, so ranting aside, here's a couple quick hacks to squeeze a couple features out of groups in GA.
Archiving. Create a mailbox, add it to the group. Shazzam! This is better in Exchange were you can share that mailbox easily with many users and limit them to read-only access so people aren't deleting your archive.
Mailing list features. Well, you're only answer for now is going to be to forward messages to a mailing list. So point mylist@example.com to mylist-example-com@googlegroups.com and members should subscribe directly to the Google Group instead.
Aliases. Now this is one feature I would have preferred in the face of the above limitations of GA groups. That is, if I've got a group called "hibuddy@example.com", I also want to have "heybuddy@example.com" and other variations. So here, create a mailbox called "hibuddy@example.com" and rename (or create) a group called "hibuddy-group@example.com". You can add as many aliases as you want to the mailbox, and then configure that mailbox to just forward to the group.
Ciao
- Arch
Okay, so ranting aside, here's a couple quick hacks to squeeze a couple features out of groups in GA.
Archiving. Create a mailbox, add it to the group. Shazzam! This is better in Exchange were you can share that mailbox easily with many users and limit them to read-only access so people aren't deleting your archive.
Mailing list features. Well, you're only answer for now is going to be to forward messages to a mailing list. So point mylist@example.com to mylist-example-com@googlegroups.com and members should subscribe directly to the Google Group instead.
Aliases. Now this is one feature I would have preferred in the face of the above limitations of GA groups. That is, if I've got a group called "hibuddy@example.com", I also want to have "heybuddy@example.com" and other variations. So here, create a mailbox called "hibuddy@example.com" and rename (or create) a group called "hibuddy-group@example.com". You can add as many aliases as you want to the mailbox, and then configure that mailbox to just forward to the group.
Ciao
- Arch
Wednesday, 12 May 2010
Clonezilla Good! Fire Bad!
Clonezilla, quite simply, is tha bomb. It's really fast, very flexible, it will do everything including your laundry.
You get basically two styles of cloning systems (or disks in general). Either one at a time with the LiveCD or many at a time with a multicasting server. I've only tried the liveCD method since I was simply doing two hosts. And in my case, I was dealing with the 'doze which is always more of a pain than it should be. So here's what I did to clone a Windows Server 2003 install to two hosts.
Then on each target host,
The crazy thing I was finding was that "proprietary" cloning tools were hard to find. Basically, Symantec has been buying up everyone in the field, killing the products, and then telling everyone to use Ghost which at least since when they acquired Norton and until recently, did not take offline disk copies. Instead, you have to install the application in the OS (which you'll note with Sysprep is impossible since the host is SHUT OFF) and it does a "hot backup". It just doesn't work for cloning at all. WTH?
But apparently, between some more sophisticated usage of sysprep and using a "clonezilla server", you could have your PCs, say in a lab, all doing PXE boot, re-imaging themselves, and picking up their name and domain information simultaneously. Once setup, you could do a lab of, I don't know what size, but whatever the max number of clients is (presumably dozens or hundreds) in less time than it takes to get a Starbucks.
- Arch
You get basically two styles of cloning systems (or disks in general). Either one at a time with the LiveCD or many at a time with a multicasting server. I've only tried the liveCD method since I was simply doing two hosts. And in my case, I was dealing with the 'doze which is always more of a pain than it should be. So here's what I did to clone a Windows Server 2003 install to two hosts.
- Get the Windows host installed and setup with all the desired applications but not joined to the domain
- Create an unattended install file for Sysprep (it's a quick wizard)
- SAVE THAT SYSPREP FILE (for some reason, sysprep will destroy this as incriminating evidence?)
- Sysprep the host - this will strip the Security ID (SID), computer name, and remove it from the domain (if you had it on one) and it shuts down the host
- Get the Clonezilla LiveCD and something for external storage
- Boot the sysprepped host from the liveCD
- Basically defaults all the way, it will ask what the storage media for system images is, what disk or partition to copy (I did it by partition, though you could do disk if you wanted to keep the partition info)
- It ripped a 5.4GB base server install into a ~2GB image in about 5 minutes
- Reboot, reconfigure PC with a name, join it to the domain, etc
Then on each target host,
- Boot from the Clonezilla LiveCD
- Attach the external storage
- Follow the wizard
- It restored the above partition for me in 2 minutes, 17 seconds
- Reboot, give the PC a name, put it in the domain, etc
- Repeat for each host you are cloning
The crazy thing I was finding was that "proprietary" cloning tools were hard to find. Basically, Symantec has been buying up everyone in the field, killing the products, and then telling everyone to use Ghost which at least since when they acquired Norton and until recently, did not take offline disk copies. Instead, you have to install the application in the OS (which you'll note with Sysprep is impossible since the host is SHUT OFF) and it does a "hot backup". It just doesn't work for cloning at all. WTH?
But apparently, between some more sophisticated usage of sysprep and using a "clonezilla server", you could have your PCs, say in a lab, all doing PXE boot, re-imaging themselves, and picking up their name and domain information simultaneously. Once setup, you could do a lab of, I don't know what size, but whatever the max number of clients is (presumably dozens or hundreds) in less time than it takes to get a Starbucks.
- Arch
Tuesday, 20 April 2010
Launching Outlook Calendar
I wouldn't normally post about using an application, but nevertheless, this is a very handy trick for me. I usually run Thunderbird and Outlook Web Access (OWA). OWA is good for viewing your calendar, not so much shared calendars. And if I launch Outlook when Thunderbird is already running, Exchange goes crazy with my inbox. So, I often find I want to launch Outlook but only for the calendar. Microsoft has a handy page on how to Customize Outlook to start with the Calendar open. And in summary, you just need to add this to whatever shortcut you use to launch Outlook:
I added this to my quick launch link, the only downside is every time Outlook is updated, that link gets stomped.
But that's it.
- Arch
/select outlook:calendar
I added this to my quick launch link, the only downside is every time Outlook is updated, that link gets stomped.
But that's it.
- Arch
Subscribe to:
Comments (Atom)