I run a Windows Server 2008 R2 box at home, primarily for hosting small multiplayer online games and various websites. While Server 2008 is built on the same foundation as Windows 7, there are quite a few differences.

I finally upgraded my main desktop to Windows 7 Ultimate tonight and discovered that my server was no longer showing up under the “Network” view in Windows Explorer. It turns out that in Windows 7, that view (which used to be called Network Neighborhood in the Windows NT/98 days and My Network Places in Windows XP) depends on a service called Network Discovery to find machines attached to your network. For the multiple machines on my LAN running Windows 7, they display in my Homegroup and Network views perfectly fine. Server 2008, however, has Network Discovery disabled by default, likely as a security precaution.

Of course, when I remoted into my server and tried to enable Network Discovery, imagine my surprise when it kept re-disabling itself! A little googling revealed in this forum post that Network Discovery relies on several Windows Services to function properly. Getting everything set up is surprisingly easy.

The following services should be set to Automatic (some may be set to Manual; others may be entirely Disabled):

• Function Discovery Resource Publication
• SSDP Discovery
• UPnP Device Host

Once you’ve set up these services to start automatically (and made sure they’re started!), you can enable Network Discovery in the Network and Sharing Center’s advanced sharing settings view. Once you save your changes, your Server 2008 machine should show up in the Network view of your Windows 7 computers.

You know, I am just not a fan of the smug attitude Apple sometimes displays in regards to their potential customers - those of us who still use Windows. One of the most obnoxious things I’ve seen Apple do in recent years came with their second-to-last operating system update, Leopard (OS X 10.5). When you connect to an SMB share (like a Windows share), the machine shows up in the Finder with a beige CRT displaying a Windows 9x-style blue screen of death, or BSOD.

It’s not hard to remove, but I’ve been using Macs at home more and more recently, and I got sick of having to manually remove it every single time I reinstalled (or updated) OS X. So, I made a super easy shell script that lets you fix the icon with one click. You can either download it at the end of this entry or make one yourself.

Making bash shell scripts in OS X is easy - open up TextEdit to get started. Either go up to the Format menu and select Make Plain Text or use the Command+Shift+T keyboard shortcut to convert your new file into plain text.

Then, all you need are the commands, one on each line, that are used to replace the BSOD icon with the generic OS X computer icon (which looks like an Apple Cinema Display):

cd /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/
sudo mv public.generic-pc.icns public.generic-pc_lame.icns
sudo cp com.apple.mac.icns public.generic-pc.icns
echo "script complete."
exit

This script copies the original BSOD icon to a backup file, and makes a copy of the generic Mac icon and gives it the appropriate file name. Save this file as something like BSODfix.command.

In order to make it executable, you need to set the correct file permissions. Open up Terminal and navigate to the directory where you saved your script (I keep my shell scripts in Users/Claire/Scripts), and run chmod 755 BSODfix.command to set global execute permissions on the file. Now you can double-click the file in Finder to run it. Terminal will open up and prompt you for the password for your current user account (assuming you are currently logged in as an administrator), execute the script, and exit.

Quit terminal, restart your computer (for some reason, killing and restarting the Finder doesn’t always make the change take effect), and map to an SMB share to see the change.

If you don’t want to write the script yourself, you can download it below:

BSODfix.command

I’ve been gone for awhile. I mean, not really, just from A Better Geek. I met a special someone, so that took up a lot of my time. Then said Special Someone got a job with IBM in Virginia, and we packed up and moved 700 miles to Fairfax from Lafayette back in mid-September 2009. I’m looking for work and spending my time being a server administrator, because we decided to go for Verizon Business FiOS and are hosting everything (including our websites) from our home.

Let me tell you, this has been one huge educational experience that never seems to end. My server is now running my LAN’s internal DHCP and DNS. It’s also a game application server, an internal samba file server, and an internal and external web server.

One of the things apps like WordPress, PunBB, and other content systems use is email. I’ve already discussed in the past how to make sendmail in Linux play nicely with Apache and PHP, but I realized that things were changing as I started migrating our websites and projects to an entirely different environment - Windows Server 2008 R2 Enterprise and IIS 7.0. There are some growing pains, but at least it gives me a lot to write about!

Anyhow, I realized shortly after the migration of Dan’s game servers (and related websites) that the server wasn’t sending mail. Since, you know, I hadn’t set up an SMTP service in Windows. “So what?” I thought to myself, “I’ll just install it and everything will be hunky-dory, right?”

Wrong.

It turns out that in 2009, every large mail service provider on the Internet really hates relaying email that comes from suspicious locations, including IP addresses that are part of residential ISPs. Even though we have a static IP address through Verizon Business, it’s still part of Verizon’s greater IP pool - which includes all their dynamic IPs for residential FiOS and DSL services.

Google blacklisted me the second I tried to send a message to an @gmail.com address. It was just downhill from there. I found out from some people on IRC that I needed a reverse DNS entry if I wanted anyone to relay my email, so I called up Verizon and got that taken care of. Yahoo, MSN, and AOL started relaying my mail, but Google kept delaying delivery, claiming that an “unusual amount of unsolicited email” was coming from my IP address.

After many hours on IRC and doing additional research on Google, I decided it probably wasn’t worth it to keep wrestling to make the big mail servers of cyberspace deem my rinky-dink little server worthy of their approval. It was time to look for other solutions.

I decided right from the start that I did not want to deal with hosting mail. I have no interest in trying to mitigate mass quantities of spam. My friend Julie over The Gadgeteer got on the Gmail Apps boat and moved her own email over to Google. It seemed appealing enough, so I decided to give it a shot. Google Apps offers a free version to cheapskates like me who can’t or don’t want to pay yet another monthly fee. The free version includes Google mail, calendar, sites, chat, and docs. Works for me!

Google was brilliant about the whole thing. I signed up, and when I clicked in the web-based control panel to set up email, it automagically discovered that my domain (polatrite.com, in this case) was registered with 1and1.com, so it directed me to a 1and1-specific how-to on setting up the MX records for my domain. About 18 hours later, 1and1 and Google had both updated their servers and records, and I was in business. Now it was time to figure out how to make my web server send email through Google’s SMTP servers.

Which is why we’re here today. If you’re still paying attention, that is. As always, this is a little screenshot-heavy, so hit the jump to carry onward.

Read the rest of this entry »

It’s a good thing I’m not trying to make a living off blog-writing, or else I’d be living in a cardboard box by now.

Life is busy, work is extra busy, things are moving at a fast pace…so ABetterGeek has gone by the wayside a bit. Don’t worry; I’ll post soon.

Before the end of 2009, at least.

I just got an iPhone and switched to AT&T after five years on Verizon Wireless. Don’t get me wrong - I really liked Verizon. It’s just that I left my previous employer several months ago, and I knew that resigning a contract meant they’d validate my employment status, realize I was no longer employed there, and cancel my 20% discount.

Fortunately, I discovered that Purdue has a deal with AT&T, so I was able to get 20% off both the voice and data portions of my wireless plan. I knew I wanted a smartphone, and after playing around with the options, there was no denying that the iPhone beat the competition in usability, speed, and general awesomeness.

After I bought my 60GB iPod Photo in 2004, I swore up and down that it was the last Apple product I would buy new - yet here I am, with a shiny new iPhone. So sue me…things change.

Anyhow, I’m big on hacking and tweaking my stuff. My last Verizon phone was a Motorola V325, and I hacked the hell out of it to make it work how I wanted. Naturally, I jailbroke my iPhone within 24 hours of my purchase, so that I could better customize stuff like sounds and the UI.

I’ve been using one of the themes from Super Mario World for the past five years on each of my phones, so I knew I wanted to upload it to my iPhone. Turns out that adding ringtones takes a little work, but it can be done - for free, and with free software. iTunes will only let you create ringtones from songs you’ve downloaded from the iTunes Store. I’m going to show you how to create ringtones from any audio file, whether it’s WAV, MP3, AAC, or anything else.

First off, you need Audacity. This is a free, open-source sound editor that’s been around for awhile. You want to make sure to get the latest beta version, as it includes support for exporting to AAC (.m4a) format. Once you have Audacity, you also need to get the ffmpeg libraries, which will support exporting to multiple formats (including AAC). If this link is dead, try the version here.

You’ll notice that the file format of the downloaded libraries is a little odd (the second link will take you to a .7z version) - if you don’t already have it, 7-Zip will allow you to extract the files. Once you have the files extracted, copy them into the Plugins directory of your Audacity program folder - it should be something like C:\Program Files\Audacity 1.3 Beta (Unicode)\Plug-Ins.

If you want to make MP3 ringtones for phones other than the iPhone, you need the LAME libraries, available here.

Now you can load up Audacity (it’s in your Start Menu once you’ve installed it). The first thing you need to do is tell it where the ffmpeg libraries reside. Click the Edit menu, and select Preferences. Go down to Import/Export, where you’ll see a box about ffmpeg in the top left corner:

Click Find Library, and browse to the Plugins folder where you extracted the files. You’ll see that a single dll appears - click it, and click Open. You’ll now see something like this:

Now that Audacity is set up for exporting to AAC, we can start making our ringtones. It’s pretty screenshot-heavy, so click the jump to see the rest.

Read the rest of this entry »

If you’ve visited my site more than once, you might start to notice that the silly little tagline next to the logo in my header changes, in both content and appearance.

This is accomplished by way of a fancy little bit of PHP. The image generation uses the GD library (with FreeType support), and the fonts are all TrueType.

Again, since my Linode didn’t come with anything preinstalled, I needed to install GD first. It seemed like it might be a bit of a pain - the PHP manual page indicates I was going to have to recompile PHP. Fortunately, this was not the case.

I just had to download it from Ubuntu’s package manager…

apt-get install php5-gd

…and add it to the “extensions” section of php.ini…

nano /etc/php5/apache2/php.ini
 
extension=gd.so

…and restart Apache.

apache2ctl -k graceful

Once that’s out of the way, creating the image was remarkably simple - especially since I found a ready-made script that did exactly what I wanted.

The code is pretty long, so hit the jump to see the rest.

Read the rest of this entry »

I spent the better part of today redesigning the site. The new WP 2.7 interface kind of motivated me to revamp things.

Let me know what you think, if you find something broken, etc.

I just installed WordPress 2.7 today. Boy, is it exciting! The entire interface is different, and things can be accomplished much more quickly.

One of the neat features is the ability to add and remove plugins from the web interface. Unfortunately, WordPress only works with FTP and FTPS (FTP over SSL) by default. I don’t have an FTP server installed on my Linode, so I decided to see if I could use SSH instead.

Turns out it’s possible, but it sure was a beast to get up and running. I’ll go through what I did, in case anyone else had as much trouble with this as I did.

First off, you need to install PEAR. This is a nifty little utility that can automatically compile PHP extensions.

Keep in mind that I’m working in Ubuntu 8.04.1 here, and my Linode installation is very stripped down.

First, you need to install the command-line interface for PHP, which allows you to run PHP scripts from a terminal.

apt-get install php5-cli

Seeing as my installation of Ubuntu is devoid of pretty much any extras, I needed to install wget too.

apt-get install wget

Once that’s done, we can install PEAR.

cd /
wget http://pear.php.net/go-pear -O go-pear.php
php go-pear.php

Once the PEAR installation script is running, you need to configure the locations of each of the components. I chose to stick everything in /pear, but you may want to put it somewhere else. I’d recommend keeping option 3 to my setting, though.

1    /
2    /pear/temp
3    /bin
4    /pear
5    /pear/docs
6    /pear/data
7    /pear/tests

Now that PEAR is installed, we can get into installing OpenSSL and the necessary packages to make it work with PHP.

apt-get install openssl
apt-get install lsh-client
apt-get install libssh2-1
apt-get install libssh2-1-dev

With our libraries and packages installed, we can compile our ssh2 extension for PHP.

pecl install -f ssh2-beta

Finally, we need to add the extension to php.ini.

nano /etc/php5/apache/php.ini

Find the section titled “Extensions” and add this line:

extension=ssh2.so

And restart Apache:

apache2ctl -k graceful

In your WordPress admin interface, you should now see an “SSH” option when you go to add, remove, or update files on your server. WordPress provides text boxes to use your private and public SSH keys, but I found I only needed to use one of my user account’s credentials to authenticate to the server.

My friend Danny is a systems administrator and all-around IT guy at a manufacturing company in Indianapolis. He recently came up with a pretty useful little script, and wanted me to pass it on to the world.

Recently I needed to find out which folders a certain person was able to access on our Windows network. Apparently, this was extremely easy in Novell. Since it isn’t 1995 anymore, I tried to find a way to do this on the Internet. I couldn’t, so I set about making my own.

Microsoft has a utility called xcacls.vbs (if you’re using Vista, you’ll have to make sure WMI is installed, and modify the script. If you can’t do that comfortably, you probably don’t want to be messing with the rest of this anyway). It will allow you to change and view ACL’s from a command line. Since I’m not that interested in modifying the ACL’s in a script, the usage is fairly simple “xcacls c:\windows” will result in a listing of who has entries in the ACL and what the entry is (n.b. you’ll also have to have the default script host be cscript. Wscript won’t work).

In order for this to be useful, we really need to be able to have it run automatically on several, if not all, folders on a computer. The first step would be to get a list of the folders we want to run this on. I chose to limit it to one folder and all its subfolders only (c:\ will do everything, while c:\windows will only do the folders in c:\windows. If you want to do c:\windows and c:\program files only, you’ll have to run it twice).

What I was looking for was basically a text file that just had all the folders. This command will create exactly that:

dir "c:\program files" /s /b /o:gn /a:d > c:\batch\xcacls\dirlist.txt

Now that we’ve got a list of all the folders we need to search, we need to actually loop through it.

For /F "tokens=*" %%i in (dirlist.txt) do c:\batch\xcacls\aclSearch.bat administrator %%i

C:\batch\xcacls\aclSearch.bat is another batch file which takes two parameters (I’ll show you it in a minute). I call the other batch file so I don’t have to worry about how DOS handles variables (it doesn’t like to evaluate them during runtime, and will wait until the loop is done and use the final value for each iteration. It’s weird, I know).

A caveat about the for loop: when using for in an interactive CLI you use a single % sign in front of the i, when using it in a batch file, it’s a double %. Don’t ask me why.

aclSearch.bat contains the following

call c:\batch\xcacls\xcacls.vbs "%2" > c:\batch\xcacls\xcaclsResults.txt
 
find /i %1 c:\batch\xcacls\xcaclsResults.txt
 
if %errorlevel%==0 goto Found
 
goto End
 
:Found
 
echo %2 >>c:\batch\xcacls\%1results.txt
 
:End

This calls xcacls.vbs (from Microsoft) passing it the folder name. The quotes are there to handle filenames with spaces. It then sends the results into a temporary file called xcaclsResults.txt

Next we do a find using the search string (the first item passed – administrator in this example) on that file. If Find finds a match, the errorlevel is 0; if not, it is 1. If the errorlevel is 0, then the folder name is put into a results file named whatever the search string is, with results.txt appended (in this example it’d be administratorresults.txt).

So, how do you actually use all this? FindPermission.bat contains:

dir %1 /s /b /o:gn /a:d>"c:\batch\xcacls\dirlist.txt"
 
for /F "tokens=*" %%i in (dirlist.txt) do c:\batch\xcacls\aclSearch.bat %2 %%i

To search the c:\program files directory for anything the administrators group has access to you’d type:

Findpermission.bat "c:\program files" administrators

The results will be in the same folder you ran findpermissons from and be called administratorsResults.txt. To search the C drive for anything Danny Parrott has access to, you’d need:

Findpermission.bat c:\ "Danny Parrott"

The results from this one will be in Danny Parrottresults.txt.

This does require that Findpermission.bat, aclSearch.bat, and xcacls.vbs be either in the same folder, or in a folder that’s in the path variable. It will work for either users or groups. This process is also not instantaneous. The xcacl.vbs script can take upwards of half a second to run, so on larger systems, this is something you’d want to start and come back to later. On the plus side, though, it hardly uses any system resources while running (5MB RAM and 2-4% CPU time on a four-year-old server at work) so you can run it during the day.

There’s a handy little query you can run in SQL to retrieve the identity (primary key) value of a record you just created. So, you can do something like this:

INSERT INTO
  People (
    Name
  ) VALUES (
    'Joe'
  );
  SELECT @@IDENTITY AS NewName;

This query will create a new person and also return the identity value of the newly created record. It can be useful for all kinds of things - I use it frequently.

We recently upgraded to ColdFusion 8 here at Purdue, and my code started breaking.

It turns out that CF8 attempts to “help” you by automatically running SELECT @@IDENTITY after any INSERT query. This is problematic in two ways - it cancels out your own @@IDENTITY query, and it arbitrarily names the result Generated_Keys.

So instead of being able to do something like this:

<cfset TheNewName = People.NewName>

You must use this:

<cfset TheNewName = People.Generated_Keys>

It’s really more annoying than anything else. It seems like a good idea to include the code automatically, but I think it would probably be a little better if there were a conditional in there that prevents CF8 from inserting its automatic query if a SELECT @@IDENTITY query is already present.