yamahito

A Call for help:

It’s possible to add users from directory structure 1 (in this case an openLDAP implementation that’s sharing our University’s Novell eDirectory) into an OpenDirectory group (directory structure 2). I can do this on server 10.4 easily using the Workgroup Manager GUI. But doing it for hundreds of students every year is… well, I don’t have the time to do that, either in terms of deadlines or workload, quite frankly.

The information contains users grouped both by groups and containers, but it’s an old gripe that Workgroup Manager won’t show you anything but a flat list of users. There’s a group tab there, but it doesn’t seem to work for me. Also, I don’t have direct access to edit the data or create groups on 1, and the users are already correctly organised by container.

So, can anyone out there tell me if it’s possible? I don’t mind getting my hands dirty on the command line, and if Leopard is needed I had to order it this week anyway…

you think being the Cop/Janitor/Sewer Worker of the tech revolution is some kind of glamor job?

Don’t get me wrong. I love IT. I love building systems and infrastructures that make the job easier, or better, or both. I get excited by the idea of being involved in innovation. But I’m sick of my job. Why?

Well, reading John C Welch’s post (quoted above) gives you a clue.
(more…)

I was recently asked to disable internet access on a suite of macs for an exam. Easier said than done: I don’t have any router/firewall control for the network they’re on, and they would still need network printing access.

There were a few things I could have done: blocking port 80 and 443 on the machines’ local firewalls, or changing the proxy settings to point the web browsers to some bogus proxy. Problem is that the machines will need internet again within minutes of the end of the exam, and I’m just not confident enough that changing such settings won’t bugger something up.

So I went down a different route: this is a script for running at the start of an exam. It only runs on a management server with Remote Desktop, so no worries about buggering up the client machines. It monitors the current application of each machine, and if someone runs firefox or safari, it will log their machine name, the application, and the timestamp, then bring up an observation window on their computer.
(more…)

I’m currently reading a book called ‘Getting Things Done’ by David Allen.

There’s a bit of psycho-babble in there, but I think that’s a bit inevitable: when dealing with something that’s essentially new (like our modern, internet-fueled lifestyles) you’ve got to develop the language to deal with it, and it’s often going to sound pretentious. Having said that, there’s a lot in there that strikes me as distinctly pragmatic and down-to-earth.

The book tends to focus on ‘next-actions’ - I like that. You don’t ‘do’ projects, you ‘do’ little steps. And as long as you’re doing them, and that they contribute to the project, you don’t have the ‘open loop’ - what I would call that feeling of something hanging over your head - that you get when you know that there’s something you’ve decided you should be doing.

Some people don’t like the idea of having a rigid framework governing your work. I understand that, because I was one of them. But then again, maybe rigid is the wrong word here. Established, ingrained… whatever. The point is that some of us need something to work within. I’m hoping that this will fulfill that need.

There are a lot of different ways GTD can be implemented: a simple paper system fulfills all of the criteria, for example. Sounds a bit cluttered to me, but my brother would love that. That level of flexibility is good; it means that there’s a lot of freedom to choose something that will fit in well with my career, my hobbies and my lifestyle (yeah, this is a whole-life kind of system). It’s also bad, because it means that before I can hit the ground running, I’m going to need to complete the sort of task I’m hoping for help with.

I want something that I can access anywhere, online or offline. But I also want it to store information from me that I can retrieve. Ideally I want something I can run for myself between work and home. I envisage this as a web-based application that performs some form of synching. That’s about as far as I’ve got, and here are the candidates so far:

43 Folders isn’t technically a candidate, but as a site it looks useful enough that I’ll link to it straight away.

Tracks is a ruby-on-rails implementation. It’s designed specifically for GTD. It’s available as a hosted solution (I think free, so there’s your demo ), and has RSS capabilities (which is always a bonus for me).

MonkeyGTD is an adaption of a Tiddlywiki. Tiddlywikis are based on single flat files, so the advantage here is that you can carry it with you, work on it offline, and upload to carry on working online. It also looks a lot more sophisticated than you would expect from a wiki.

iCommit is another bespoke GTD solution. I haven’t tried it yet, as you have to register to use it on the author’s site in the first instance to see anything. That put me off, but many people sounding off about how perfect a solution it is made me look some more. 43folders has an article and some screenshots here.

Thinking Rock looks pretty cool, but isn’t an online service. Having said that, it’s java, and based on a single file that I could either USB around with me and/or stick on a webDAV server somewhere… I’m a little concerned by the lack of a ‘tickler file’ or weekly review views, but maybe it’s unnecessary - I’ll find out when I get to that chapter I guess

GTD-PHP is a php based implementation I haven’t had much chance to look at yet - there’s a demo, too.

More to follow? Please feel free to make any suggestions in the comments.

Well, no luck on the apple forums, so I’ve resorted to working around the problem I talked about yesterday.
(more…)

As much as I like it, I’ve had a problem with Apple Remote Desktop (ARD) for a while now. I administer a fairly large number of macs using it, and since I’ve started doing so, I’ve changed their DNS records. Before, their DNS names were more or less random. Now, they match the ID number stuck to the front of each machine, and can be used to rename the macs after imaging.

Only I can’t make ARD pick up the new DNS addresses.

The first time I asked for advice about it, someone suggested that it was the DNS cache on the server ARD was running for that was keeping the old information, but flushing that cache didn’t do me any good. I even tried deleting the computers from the list, and re-adding them by IP address, but something somewhere is still remembering the old DNS names. I can edit the DNS name for each computer manually, but that makes it a bit meaningless.

The DNS name information must be cached somewhere. It doesn’t seem to be on the client computers, as this problem has persisted through numerous reformats, reimaging and nv/pr-ram resets. It doesn’t seem to be on the server OS’ DNS cache. I’m reluctant to uninstall/reinstall ARD, as there’s a lot of configuration data and management tasks saved on there that I don’t want to lose: but I suspect the information is cached somehow within ARD itself.

The ARD manual says that the DNS name field is set using reverse-dns lookups when the machine is added. But this seems not to be wholly true. Reverse-dns lookups all seem to work correctly, from the web and elsewhere. Perhaps the reverse-dns happens when a machine is originally added, but after that point, it seems to remember details even if the computer they’re associated with is deleted from ARD’s management list.

I’ve thought of a nasty hacky way of doing it, but I’m going to give the apple discussion forums a bit of a chance before I try tackling it. Anyway, if anyone has any suggestions, please be my guest…

OK, ‘Fess up

Who submitted the email in this blog entry to TorrentFreak? C’mon, I won’t be angry…

I posted the thing just because I thought it was an unusual (and probably doomed, but that’s just my opinion) way to approach a problem. I certainly didn’t expect more than a couple of people to read it. So I was surprised earlier when a member of the server team from the Uni’s Information Services dept (INSRV). pointed this article out to me a couple of hours ago…

Embarassed by my own blog

The guy comes over to solve an issue with one of my servers, and mentions all this bru-ha-ha they’re having today over there because someone’s released an email that was sent out only to LCRs (that’s local computing representatives to you and me). He shows me the article and I think “that can’t be me, can it?”

Yes, it can. The number of characters in that X’ed out name at the bottom there is a match to the one I used - and not to the original email. So I think I’m the culprit. ho hum.

So that upset a few members of the network team - not a thing you want to do if you rely on them to work your network for you - and they do look after us. Luckily as it got passed up the chain of command the general sentiment changed from outrage to approval - the high-ups like the idea that cardiff are ‘leading the way’ with this approach (what?) and getting a form of recognition from it.

Missing the point?

Meanwhile, the INSRV team has also found a silver lining: not only are a couple of the comments quite funny (”Finally a good list of torrent sites”), some of them mention the odd site missed by the boys in INSRV - who can fill in those gaps.

One more thing, in the interests of pedantry: the email says that they will be prohibited - these sites are not blocked just yet. But soon, and for the rest of your life (maybe).

Apology

Ok, I lied. One last thing, for real this time.

Any organisation like ours with many satellite, semi-autonomous departments and a single organisation to provide general information services/network/computer support will entail a number of challenges. Sometimes there’s no good way to do something. Sometimes you need to compromise. Because of legacy reasons, the network in Cardiff has outgrown its design, and there are problems; bitTorrent complicates these hugely. It really does impact on our work.

INSRV might not always do things the way I like, but they’re always trying really hard to do the best thing by the university and their users. I posted the original entry because I wanted to talk about the technical limitations, and social education versus technical limitations. Any criticism was supposed to be positive. Sorry if I’ve caused you hassle, boys.

Well, after talking about it to everyone I know for ages, I’ve finally gotten around to doing it.

I’ve got me a brand new macbook sitting on my desk at work; it has a windows partition on it and an evaluation copy of parallels installed on the Mac OS.

The ol’ green and blue fisher pricing looks even more wrong on a mac screen…

I’ll be having myself a little look at how well the thing integrates the two OS together - mainly in the context of the sort of windows installation that would be expected in the uni. That means I’ll get to see how well novell works inside windows inside mac… the mind boggles.

Suggestions Please!

I know I’ve been mouthing off about how good this thing looks for a while now to various people, and I thought this might be a good place to collect together all those questions and concerns that people posed me: is there anything that you guys out there want me to test or look into on this system over the next week or so?

I think this (see the quote below) is a worrying trend: I suppose they’ve not blocked bittorrent traffic itself, but then again, they’d be hard pressed to.

I don’t use it much personally, but BitTorrent itself is not illegal. There’s lots of reasons you might want to use it. It’s alse pretty easy to track.

When I was working at a college in Oxford we used to have a fine passed on to the college each time one of our IP addresses was named in a cease and desist. We passed this fine - along with a hefty administration fee onto the infractor. The infractions didn’t cease, of course, but we didn’t have as many.

The point is that the real answer to this issue is user education, not technical restrictions that throw the baby out with the bathwater.

Dear All,

Following receipt of a number of copyright infringement notices, Information Services is taking steps to protect the University.

The principle source of these copyright infringements is inappropriate use of peer-to-peer file sharing, for example Bit Torrent.

A number of web sites have been identified which primarily provide access to a high proportion of copyrighted, pornographic or offensive material. Access to these sites, listed below, will be prohibited.

This policy is not aimed at restricting legitimate academic investigation. Should access be required please contact insrvAssist.

Sites with prohibited access:
http://www.torrentsearch.com/
http://isohunt.com/
http://torrentscan.com/
http://www.torrentspy.com/
http://torrent-finder.com/
http://thepiratebay.org/
http://www.torrentreactor.to/
http://www.torrentportal.com/
http://www.mininova.org/
http://skflan.nl.tp
http://www.onlytorrents.com/
http://www.mybittorrent.com/
http://www.torrentz.com/
http://www.torrentradar.org/
http://www.demonoid.com/
http://www.smaragdtorrent.org/
http://www.fulldls.com/
http://www.torrents.to/
http://www.torrentvalley.com/
http://www.torrentshub.com/
http://fenopy.com/
http://extratorrent.com/
http://btjunkie.org/
http://www.bittorrent.am/
http://www.astatorrents.com/
http://www.meganova.org/
http://www.bitdig.com/
http://torrentattack.org/

Your insrvAssist contact for this message is XXX XXXXX.

Thank you,
Security Team

At the day job I administer a classroom/newspaper newsroom with just over 30 macs. One of the recent complaints/problems I’ve had in there is with a network drive that disappears whilst students are working on a document - normally in QuarkXPress. We use a bespoke system for tracking work on stories and news pages that requires this drive to be present to work - it can even cause work to go missing a little more easily than it should.

I think the issue is that the drive is disconnected when machines go to sleep after 15 mins of inactivity. A student may work on a page for several hours, in which time they may be called for a news ‘conference’ with the sub-editors/lecturers, so this happens more often/with more justification than you might expect.

So here’s the challenge: what are the best ways to get a network drive to remain persistant, reconnecting when a machine restarts? A google brought up a few things I’d already been doing: dragging the drive to the user’s start up items to auto-mount at log in; a little applescript launcher for Quark that connected the drive before launching the program, that sort of thing.

Well, I don’t think I’ve cracked it quite yet, but here’s a start: I came across this thread, describing the behaviour I wanted as a ‘nuisance’. Turns out it was all about the screensaver on OS X. Apples do this rather nice thing with a folder of your pics where they zoom in on the pictures (I like it - really brings them to life) - they’ve got lots of default versions of their own, but you can also set it to a folder of your choice. If that folder happens to have an alias to a server, when the screensaver activates, it will remount that drive for you (assuming you have credentials in the keychain).

One hacked-together images folder later, and I think I have something working. I’m hoping that by setting a screensaver time that’s smaller than the sleep time on the macs it will remount the drive in the time between waking up and turning the screensaver off. Watch this space…