I have seen the future.

Today's XKCD, like so many, is my life.

If you've gotten the "anniversary update" of Windows 10, you have probably already noticed that it wasn't just an "update", it was a clean install of a new copy of the OS and then an import of your settings and profile. Which means annoying things like the default MS apps (Edge, Explorer, Store) are re-pinned to start menu, the crappy MS programs for music and things have reset their defaults, your privacy settings have been eBayed unless you were careful during the update, etc.

All that's fine. It's annoying, but not actively harmful.

Actively harmful: The option to "notify me when a restart is required to install updates" has been REMOVED. Now there's no setting in the Windows Update options to avoid automatic reboots when it "thinks" you aren't using your computer, and you can only specify a 12 hour window of "never reboot during this time"

The good news is, there's a solution to that, hiding in Local Group Policy (Win10 Pro) or the Registry (Win10 Home).

If you've got Win10 Pro:
1) click start, type "gpedit.msc", press enter. Make the window fullscreen, you will need the room.
2) On the left, navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
3) On the right, locate "No auto-restart with logged-on users for scheduled automatic updates installations" and double-click it.
4) Change the radio button from "not configured" to "enabled". Click OK.
5) Close the Local Group Policy Editor window.

Now, the machine will no longer reboot as long as a user is logged in. If all the users are logged out, it'll still reboot automatically but that's generally much less of a problem.

(OPTIONAL: in that same location from Step 2, choose "Configure Automatic Updates", click Enabled, choose option 3. This reverts to the Win7 default behaviour of "notify me before installing updates", which is good for updates that require a reboot to install and BAD for updates that don't require a reboot. If you set this option, you need to watch for update notifications and deal with them in a timely manner. You can't afford to ignore them.)

If you've got Win10 Home: Fucked if I know, it's in the registry somewhere. I'm 100% sure it's there, and I'm also 100% sure I don't know where it is. I'll go digging to see if I can find the setting, later, and I'll update this post if I do.

EDIT: It *looks like* the right solution for Win10 home is: Start -> "regedit" -> Enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate

If there's an "AU" subkey, click on it. If there isn't, right-click on "WindowsUpdate", choose "new->key" and name it AU. Inside AU, right-click and choose "New->DWORD Value", name it "AUOptions" and set its value to "3". Close regedit and reboot. This is the same as that step marked OPTIONAL up above for Pro users - if there's a registry equivalent to "No auto-restart with logged-on users" I haven't found it, but this should also get around the problem.

Hey, remember the user responsible for this incident, and this one?

I've got another one. We've got a bunch of a certain kind of desktop case, where the sides go on vertically without screws, then the top of the case slides in horizontally to lock them in place and you close *that* with screws. I'm looking at an unrelated computer and I notice the top piece, which is a rectangular piece of reasonably sturdy flat metal, is missing. So I ask the user where it is, and he said "Oh, $Engineer borrowed it a few months back. It's just part of the case so I figured I didn't really need it."

($Engineer being, of course, the user responsible for the two incidents up top.)

I go and ask him why he borrowed A PIECE OF A COMPUTER CASE and where it is, and can I please get it back.

His answer: "Oh, yeah, that's in my car. I can bring it in any time."

Okay, but WHY does he have it in his car? To my eternal regret, I asked him.

"Well, you remember all that snow we had? I needed a shovel."

Hey, remember that time Google dropped an anvil on Symantec for playing stupid dangerous games with their root CA?

Symantec has now issued a CA to spyware/malware vendor Bluecoat. Meaning Bluecoat can now issue properly-signed certificates for any domain they want. Your browser will see a fake certificate for, say, Google, and will trust it without warning you that it's fake because the certitificate is trusted by Bluecoat who in turn are trusted by Symantec, and your browser trusts Symantec.

Here's how to fix that in Windows. And in OSX.

(Unfortunately, untrusting Symantec's root is not a viable option, yet. I suspect there's going to be a lot of people looking into how to make that viable, though, soon.)

So for reasons that truly escape me[1], network file shares for Windows users are shared via a CentOS machine running Samba instead of directly off the NetApp via CIFS.

Anyway. It's working, except there's a thing: By default (and currently), samba logs are separated by machine - they log to /var/log/samba/%m.log which means there's one log for each laptop or desktop.

It would be handier to have the logs separated by user, or by service. The docs all say to just change that %m to %u for User or %S for Service... but if I do that, I get files LITERALLY CALLED /var/log/samba/%u.log or %S.log. It doesn't expand the user or service and give me per-user or per-service logs the way the docs and mailing list RTFMers say it will, it throws them all in a single file with a literal percent sign in it.

Anyone run into this and remember the magic spell to fix it?
CentOS 5.11, Samba 3.0.33.


[1]: "Legacy, changing would require resources, changing would require users to do something different" oh wait I guess the reasons don't escape me but OH FUCK OFF.

Killing a task from the command line on windows.

If, for example, you've got a fullscreen app that's somehow grabbed the screen topmost but not necessarily focus, and frozen, and WILL NOT release it, but other apps are responding and you can, say, see them under Peek and use the start menu, etc? But you can't get any other window to actually appear on the screen where you can click on them?

(That situation is not as hypothetical as you might believe. Repeatable, even.)

Well then, open Task Manager with ctrl-alt-del and use peek to see the name of the frozen application, open an elevated command prompt with start ->cmd-> Run As Administrator, and then type, blind, "taskkill /im [name]" and press enter. This will kill the stupid goddamn application that won't come back and won't go away.

I need a PDF reader that doesn't suck.

1. Adobe Reader is terrible, and, like all Adobe products, is full of security holes that are never patched in a timely manner.

2. Foxit Reader used to be pretty good (if annoying - it kept resetting customisations to default on updates) but now inescapably bundles the "Foxit Cloud" malware.

3. SumatraPDF can't handle forms.

4. Don't get me started on the PDF handling of Google Docs.

5.Telling the entire world to stop using PDFs because there are no non-shitty readers is sadly impractical.

Right now I'm using Sumatra because it displays simple PDFs just fine, but I occasionally want some of the more complicated features available in the format and I'd like a reader that handles them without also being complete shit. Anyone got something?

I honestly thought I had more Exchange+RIM survivors who would have jumped on this sooner.

But: nubule and dantheserene got it right, I was talking about Blackberry Enterprise.

Pulling an explanation up from a comment there:

Blackberries before Blackberry OS10 had two modes, Blackberry Internet Service (BIS) and Blackberry Enterprise Service (BES). They're so close in name and acronym because RIM (now Blackberry) ARE THE WORST AT EVERYTHING HOLY FUCK.

Your BIS data plan was like a modern smartphone data plan. It gave you internet access and checked your email and let you do all the things a Smartphone does.... except connect to an Exchange server.

Your BES data plan was exactly like a BIS data plan, except it works with Exchange, and your Exchange provider's BES server, to give you Exchange access on your Blackberry. And it also tended to cost 5x as much.

This all happened forever ago. It's ancient history. It's 2006.

Since then, smartphones were invented and Microsoft created ActiveSync, which works to seamlessly provide Exchange access to iPhones and Androids and, once Blackberries FINALLY got somewhere close to modern, Blackberries. Activesync is also free, and works on a normal data plan.

But: Any iPhone, any Android, or any Blackberry 10 device, connects to Exchange through Activesync and Just Works.
Any Blackberry *before* 10 requires BES, which means it requires that the Exchange server have a BES server with BES enabled for the Exchange account (vendor #1) and your cellphone provider needs to provide a BES data plan (vendor #2), and then you need to do Enterprise Activation and push Service Books and all kinds of RIM crap from before smartphones were a thing.

My client has several Blackberries from before Blackberry 10. And my recommendation to get them onto the brand spanking new Exchange 2013 server was "walk into Best Buy[1], buy a fucking iPhone[2]" because that's SO MUCH EASIER.

[1]: Or Future Shop or Rogers Store or the cellphone kiosk at Costco or....
[2]: Or any Android, or even a Blackberry 10 device if you can't live without a phone that sucks, but NOT BLACKBERRY 9.

MOZILLA WAT U DOIN

MOZILLA. STAHP.

===============================================
machine:~# date
Sat Dec 31 20:42:31 EST 2005

machine:~# /etc/init.d/ntp stop
Stopping NTP server: ntpd.

machine:~# ntpdate 132.246.11.229
15 Nov 12:12:48 ntpdate[5330]: step time server 132.246.11.229 offset 279991762.985766 sec

machine:~# date
Sat Nov 15 12:13:19 EST 2014
===============================================
(The weekend was all like that. But I am greatly amused by "offset 280 million seconds" being both MEASURED IN SECONDS and MEASURED OUT SIX FIGURES PAST THE DECIMAL.)