theweaselking: (Work now)
Issue: After an email migration, automated emails sent by the SFTP server on customer data releases are still going through the old server, not the new one. So they're going to customers just fine but internal emails are getting dropped in the old, deprecated mailboxes that users have been told to not use. I didn't build the SFTP server, but I can take a look, why not?

Things:
1) check smarthost settings on the SFTP server, but they're correct. Send a test message through them, it arrives in the right mailbox through the right server.

2) Do the automated emails actually go through the smarthost? Good question, let's check: Hmm, no custom script. No triggers set. mod_notify isn't even installed, mod_exec is disabled.... how do these automated messages actually TRIGGER? Attempt to trigger one: No email appears, nothing in the logs about sending or not sending an email.

3) Give up on figuring out how they trigger, go looking for the person who reported the problem, who can trigger it and can show me an example of the issue. Discover that after first reporting the issue at *11pm*, he's left the country early the next day and will be back in "early 2017". Discover that he left a message asking that this be fixed ASAP because it's been broken, for, like, a month.

4) Swear. Yup, swearing still works. This is nice.

5) Go dig up the person who's doing the reporter's job while he's gone, which involves going through a chain of managers since the immediate manager is ALSO gone until "sometime in 2017". Ask HIM to trigger one of those automated messages for me.

6) Learn that the automated email process broke sometime in *2007*, and so for the last DECADE the company has been sending "automated notice of file upload" to users by hand. Facepalm. Ask him to show me how he does THAT, and learn to my horror that the complaining user has been logging into the old mail server exactly as he has been told EXPLICITLY to never, ever do, and sending these messages by hand through the deprecated-but-not-yet-decommissioned system. Ask WHY. Am told that the complaining user said he didn't think the new system was working, despite it being the thing he uses all day every day for all his other email purposes AND the users being told to report all issues with the new system because USING THE OLD ONE CAUSES PROBLEMS EXACTLY LIKE THE ONE HE IS COMPLAINING ABOUT and also WE'RE TURNING OFF THE OLD ONE, "SOON".

7) Headdesk.

8) Change the complaining user's password. Even if the system is not-yet-decommissioned when he returns, he does not get the new password. As well, I am currently looking into how to lock this on an unchangeable endless loop as his desktop background:
[image]

On the whole, computers were a mistake.

My day

Aug. 17th, 2016 04:33 pm
theweaselking: (Work now)
> vol destroy vol0
Are you sure you want to destroy volume 'vol0'? y
Volume 'vol0' destroyed."


(I had a very good reason for doing that.)
theweaselking: (Work now)
If you've gotten the "anniversary update" of Windows 10, you have probably already noticed that it wasn't just an "update", it was a clean install of a new copy of the OS and then an import of your settings and profile. Which means annoying things like the default MS apps (Edge, Explorer, Store) are re-pinned to start menu, the crappy MS programs for music and things have reset their defaults, your privacy settings have been eBayed unless you were careful during the update, etc.

All that's fine. It's annoying, but not actively harmful.

Actively harmful: The option to "notify me when a restart is required to install updates" has been REMOVED. Now there's no setting in the Windows Update options to avoid automatic reboots when it "thinks" you aren't using your computer, and you can only specify a 12-hour window of "never reboot during this time".

The good news is, there's a solution to that, hiding in Local Group Policy (Win10 Pro) or the Registry (Win10 Home).

If you've got Win10 Pro:
1) click start, type "gpedit.msc", press enter. Make the window fullscreen, you will need the room.
2) On the left, navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
3) On the right, locate "No auto-restart with logged-on users for scheduled automatic updates installations" and double-click it.
4) Change the radio button from "not configured" to "enabled". Click OK.
5) Close the Local Group Policy Editor window.

Now, the machine will no longer reboot as long as a user is logged in. If all the users are logged out, it'll still reboot automatically but that's generally much less of a problem.

(OPTIONAL: in that same location from Step 2, choose "Configure Automatic Updates", click Enabled, choose option 3. This reverts to the Win7 default behaviour of "notify me before installing updates", which is good for updates that require a reboot to install and BAD for updates that don't require a reboot. If you set this option, you need to watch for update notifications and deal with them in a timely manner. You can't afford to ignore them.)

If you've got Win10 Home: Fucked if I know, it's in the registry somewhere. I'm 100% sure it's there, and I'm also 100% sure I don't know where it is. I'll go digging to see if I can find the setting, later, and I'll update this post if I do.

EDIT: It *looks like* the right solution for Win10 home is: Start -> "regedit" -> Enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate

If there's an "AU" subkey, click on it. If there isn't, right-click on "WindowsUpdate", choose "new->key" and name it AU. Inside AU, right-click and choose "New->DWORD Value", name it "AUOptions" and set its value to "3". Close regedit and reboot. This is the same as that step marked OPTIONAL up above for Pro users - if there's a registry equivalent to "No auto-restart with logged-on users" I haven't found it, but this should also get around the problem.
theweaselking: (Work now)
Today is the last day to get Windows 10 for free.

If you don't want Windows 10, those annoying "hey you can upgrade now!" popups will finally vanish. If you do want Windows 10 (and I prefer it to 7 and consider it a complete no-brainer to upgrade from 8) you have another 15 hours or so.
theweaselking: (Work now)
Hey, remember the user responsible for this incident, and this one?

I've got another one. We've got a bunch of a certain kind of desktop case, where the sides go on vertically without screws, then the top of the case slides in horizontally to lock them in place and you close *that* with screws. I'm looking at an unrelated computer and I notice the top piece, which is a rectangular piece of reasonably sturdy flat metal, is missing. So I ask the user where it is, and he said "Oh, $Engineer borrowed it a few months back. It's just part of the case so I figured I didn't really need it."

($Engineer being, of course, the user responsible for the two incidents up top.)

I go and ask him why he borrowed A PIECE OF A COMPUTER CASE and where it is, and can I please get it back.

His answer: "Oh, yeah, that's in my car. I can bring it in any time."

Okay, but WHY does he have it in his car? To my eternal regret, I asked him.

"Well, you remember all that snow we had? I needed a shovel."
theweaselking: (Work now)
Firefox 47 change log:
"The browser.sessionstore.restore_on_demand preference has been reset to its default value (true) to avoid e10s performance problems. Because faster is better!"

No, you stupid-ass motherfuckers, this is SLOWER, not faster, because when I want a tab, I want it *now*, and I wanted it loaded because, get this, it was IN AN OPEN FUCKING TAB. Having to wait for a page to load after I click on it WASTES MY FUCKING TIME. If I didn't want that page loaded already when I look at it, it wouldn't be in a tab.

And if you were changing the default behaviour, sure, okay, but you're not. You're RESETTING MY CUSTOM FUCKING SETTING THAT I SPECIFICALLY MADE NOT-DEFAULT, because, like Yahoo search and supporting anti-gay hate groups and endorsing misogynist harassment campaigns, MOZILLA'S DEFAULTS ARE OFFENSIVELY GODDAMN STUPID.

"Firefox: The browser I only keep using because Chrome's extension support is lousy and their UI is unfixably broken"
theweaselking: (Work now)
Hey, remember that time Google dropped an anvil on Symantec for playing stupid dangerous games with their root CA?

Symantec has now issued a CA to spyware/malware vendor Bluecoat. Meaning Bluecoat can now issue properly-signed certificates for any domain they want. Your browser will see a fake certificate for, say, Google, and will trust it without warning you that it's fake because the certificate is trusted by Bluecoat who in turn are trusted by Symantec, and your browser trusts Symantec.

Here's how to fix that in Windows. And in OSX.

(Unfortunately, untrusting Symantec's root is not a viable option, yet. I suspect there's going to be a lot of people looking into how to make that viable, though, soon.)
theweaselking: (Work now)
john@smarthost:/var/log# ls -1 |wc -l
450895
john@smarthost:/var/log# rm -f mail.err.*
-bash: /bin/rm: Argument list too long
john@smarthost:/var/log# rm -f mail.err.1.*
john@smarthost:/var/log# rm -f mail.err.2.*
john@smarthost:/var/log# ls -1 |wc -l
393723

If you understand this, I'm sorry.

(How it happened: Runaway logrotate, triggering on "mail.*" not "mail.log, mail.err, mail.info")
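
The two problems in that transcript, as an added example that is not part of the original post: a check for whether a logrotate glob such as `mail.*` also matches its own rotated output, and a cleanup that never expands the glob on a command line, so it does not hit "Argument list too long". The function names, the scratch directory and the reduced file count are assumptions for the demo; it needs a `find` that supports `-maxdepth` (GNU and BSD both do).

```shell
#!/bin/sh
# Added example. Works on constructed files in a scratch directory, never /var/log.

# Return 0 if a logrotate glob would also match the rotated copy of a log it
# covers (mail.err -> mail.err.1). A glob that does this re-rotates its own
# output on every run, which is how one log turns into hundreds of thousands.
matches_rotated_output() {   # $1 = glob from the stanza, $2 = a live log name
    case "$2.1" in
        $1) return 0 ;;      # unquoted on purpose: $1 is used as a pattern
        *)  return 1 ;;
    esac
}

# Delete rotated copies without letting the shell expand the glob.
# "rm -f mail.err.*" builds one huge argv and fails past ARG_MAX; find hands
# the names to rm in batches sized to fit the limit.
purge_rotated() {            # $1 = directory, $2 = quoted glob for rotated copies
    find "$1" -maxdepth 1 -type f -name "$2" -exec rm -f {} +
}

count_files() {              # $1 = directory
    find "$1" -maxdepth 1 -type f | wc -l | tr -d ' '
}

# Constructed scenario: three live logs plus 2000 runaway copies of mail.err
# (scaled down from the ~450,000 in the transcript so it runs quickly).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/mail.log"; : > "$d/mail.err"; : > "$d/mail.info"
    i=0
    while [ "$i" -lt 2000 ]; do
        : > "$d/mail.err.1.$i"
        i=$((i + 1))
    done
    before=$(count_files "$d")
    # Pattern needs a second dot followed by a digit, so live logs are kept.
    purge_rotated "$d" 'mail.*.[0-9]*'
    after=$(count_files "$d")
    rm -rf "$d"
    echo "$before $after"
}

demo   # prints "2003 3"
```
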
theweaselking: (Work now)
So for reasons that truly escape me[1], network file shares for Windows users are shared via a CentOS machine running Samba instead of directly off the NetApp via CIFS.

Anyway. It's working, except there's a thing: By default (and currently), samba logs are separated by machine - they log to /var/log/samba/%m.log which means there's one log for each laptop or desktop.

It would be handier to have the logs separated by user, or by service. The docs all say to just change that %m to %u for User or %S for Service... but if I do that, I get files LITERALLY CALLED /var/log/samba/%u.log or %S.log. It doesn't expand the user or service and give me per-user or per-service logs the way the docs and mailing list RTFMers say it will, it throws them all in a single file with a literal percent sign in it.

Anyone run into this and remember the magic spell to fix it?
CentOS 5.11, Samba 3.0.33.


[1]: "Legacy, changing would require resources, changing would require users to do something different" oh wait I guess the reasons don't escape me but OH FUCK OFF.
theweaselking: (Work now)
Killing a task from the command line on windows.

If, for example, you've got a fullscreen app that's somehow grabbed the screen topmost but not necessarily focus, and frozen, and WILL NOT release it, but other apps are responding and you can, say, see them under Peek and use the start menu, etc? But you can't get any other window to actually appear on the screen where you can click on them?

(That situation is not as hypothetical as you might believe. Repeatable, even.)

Well then, open Task Manager with ctrl-alt-del and use peek to see the name of the frozen application, open an elevated command prompt with start ->cmd-> Run As Administrator, and then type, blind, "taskkill /im [name]" and press enter. This will kill the stupid goddamn application that won't come back and won't go away.
theweaselking: (Work now)
Fuck.

Short version: cracking D-H key exchange ("most internet encryption") by brute force when every site uses a different 1024-bit key is unfeasibly hard. But if people are using the SAME 1024-bit key, instead of needing to crack 2^1024 (a number 309 digits long) keys, you just need to crack that one. And that only costs a few hundred million dollars, a year of time, and the knowledge of which 1024-bit key to crack. Guess what most common TLS and SSH implementations do? They use a specific key across all installations, which can be pulled out of the installer.

So it's believed that the NSA have cracked the specific keys used by lots of common software, which lets them read the encrypted traffic sent to and from those programs.
theweaselking: (Work now)
I need a PDF reader that doesn't suck.

1. Adobe Reader is terrible, and, like all Adobe products, is full of security holes that are never patched in a timely manner.

2. Foxit Reader used to be pretty good (if annoying - it kept resetting customisations to default on updates) but now inescapably bundles the "Foxit Cloud" malware.

3. SumatraPDF can't handle forms.

4. Don't get me started on the PDF handling of Google Docs.

5. Telling the entire world to stop using PDFs because there are no non-shitty readers is sadly impractical.

Right now I'm using Sumatra because it displays simple PDFs just fine, but I occasionally want some of the more complicated features available in the format and I'd like a reader that handles them without also being complete shit. Anyone got something?
theweaselking: (Work now)
"Look, tell the auditor that no, we cannot protect the machine from a legitimate root user who suddenly becomes malicious, and if he thinks about that for a minute he can probably figure out why."
theweaselking: (Work now)
I honestly thought I had more Exchange+RIM survivors who would have jumped on this sooner.

But: [livejournal.com profile] nubule and [livejournal.com profile] dantheserene got it right, I was talking about Blackberry Enterprise.

Pulling an explanation up from a comment there:

Blackberries before Blackberry OS10 had two modes, Blackberry Internet Service (BIS) and Blackberry Enterprise Service (BES). They're so close in name and acronym because RIM (now Blackberry) ARE THE WORST AT EVERYTHING HOLY FUCK.

Your BIS data plan was like a modern smartphone data plan. It gave you internet access and checked your email and let you do all the things a Smartphone does.... except connect to an Exchange server.

Your BES data plan was exactly like a BIS data plan, except it works with Exchange, and your Exchange provider's BES server, to give you Exchange access on your Blackberry. And it also tended to cost 5x as much.

This all happened forever ago. It's ancient history. It's 2006.

Since then, smartphones were invented and Microsoft created ActiveSync, which works to seamlessly provide Exchange access to iPhones and Androids and, once Blackberries FINALLY got somewhere close to modern, Blackberries. Activesync is also free, and works on a normal data plan.

But: Any iPhone, any Android, or any Blackberry 10 device, connects to Exchange through Activesync and Just Works.
Any Blackberry *before* 10 requires BES, which means it requires that the Exchange server have a BES server with BES enabled for the Exchange account (vendor #1) and your cellphone provider needs to provide a BES data plan (vendor #2), and then you need to do Enterprise Activation and push Service Books and all kinds of RIM crap from before smartphones were a thing.

My client has several Blackberries from before Blackberry 10. And my recommendation to get them onto the brand spanking new Exchange 2013 server was "walk into Best Buy[1], buy a fucking iPhone[2]" because that's SO MUCH EASIER.

[1]: Or Future Shop or Rogers Store or the cellphone kiosk at Costco or....
[2]: Or any Android, or even a Blackberry 10 device if you can't live without a phone that sucks, but NOT BLACKBERRY 9.
theweaselking: (Work now)
I sent an email this morning that started "Hey, we missed a prerequisite on [thing]. Nobody remembered this requirement because it's not 2006 and nobody has seriously used [thing] in the last decade."

This was a followup on my yesterday suggestion, which was that everyone who seriously wanted to use [thing] should be told to go to [store] and pick up [off the shelf] instead, it would be faster, easier, and cheaper.

Pop quiz: What do you think [thing] is?

A shiny precious no-prize for the correct answer. A second one for the BEST answer.

EDIT: Hints pulled up from comments.

#1: [thing] is a software feature, but it's an obsolete one, with complex prerequisites, that requires vendor-side support. Multiple different vendors, in fact. Like, ACTUAL SUPPORT, not "I have to go to multiple web pages to download packages" but "multiple different companies have to change things ON THEIR SIDE to make this work, per user."

Meanwhile, COTS consumer-grade commercial devices, available EVERYWHERE (at least three places in any given shopping mall), do the exact same thing, better, simpler, requiring very little vendor support.

#2: in 2006 I, as a person who Fixed All The Things for employees of My Beloved Corporate Masters, dealt with [thing] on nearly a daily basis.

And by 2008 it was *dead*. In part because by 2008 I no longer worked for an international megacorporation, but also in general. Employees of international megacorporations probably still encountered occasional instances of [thing] in the hands of legacy users for years afterwards.
theweaselking: (Work now)
[image]

"Uh, dude? 'Just stick that drive in a different machine and recover the data' may be a LITTLE harder than anticipated."
theweaselking: (Work now)
===============================================
machine:~# date
Sat Dec 31 20:42:31 EST 2005

machine:~# /etc/init.d/ntp stop
Stopping NTP server: ntpd.

machine:~# ntpdate 132.246.11.229
15 Nov 12:12:48 ntpdate[5330]: step time server 132.246.11.229 offset 279991762.985766 sec

machine:~# date
Sat Nov 15 12:13:19 EST 2014
===============================================
(The weekend was all like that. But I am greatly amused by "offset 280 million seconds" being both MEASURED IN SECONDS and MEASURED OUT SIX FIGURES PAST THE DECIMAL.)
