arch linux - How to install archlinux 64 bits with openbox, broadcom-wl and zydas1211b without internet?

My only access is a hotspot, I could use it to download after activation ...

As I install it to my netbook, I will use an usb key so I maybe be able to add some stuff needed to it ...

apache 2.2 - Proxy Exchange Server using mod_proxy

I'm having a problem getting my Exchange Server to work with mod_proxy. This is my current VirtualHost config:

ServerName mail.example.com
ServerAlias www.mail.example.com
ProxyPass         /  http://localhost:446/
ProxyPassReverse  /  http://localhost:446/
ProxyRequests     Off

I set IIS to listen for HTTPS on port 446. But when I try to connect to mail.example.com it just loads forever. The reason why I want it to proxy is to setup HTTPS on our main domain. We previously had it setup that the HTTPS would go to Exchange directly (from our root domain). If you want more config files just ask. We are running Windows Server 2012 and the latest Xampp.

As requested, the Error.log from Apache:

[Thu Oct 16 04:43:08.921973 2014] [core:warn] [pid 10340:tid 348] AH00098: pid file B:/Xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Oct 16 04:43:09.140744 2014] [ssl:warn] [pid 10340:tid 348] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Oct 16 04:43:09.195432 2014] [mpm_winnt:notice] [pid 10340:tid 348] AH00455: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.15 configured -- resuming normal operations
[Thu Oct 16 04:43:09.195432 2014] [mpm_winnt:notice] [pid 10340:tid 348] AH00456: Apache Lounge VC11 Server built: Jul 17 2014 11:50:08
[Thu Oct 16 04:43:09.195432 2014] [core:notice] [pid 10340:tid 348] AH00094: Command line: 'b:\\xampp\\apache\\bin\\httpd.exe -d B:/Xampp/apache'

[Thu Oct 16 04:43:09.197320 2014] [mpm_winnt:notice] [pid 10340:tid 348] AH00418: Parent: Created child process 18308
[Thu Oct 16 04:43:10.204176 2014] [ssl:warn] [pid 18308:tid 412] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Oct 16 04:43:10.258860 2014] [mpm_winnt:notice] [pid 18308:tid 412] AH00354: Child: Starting 150 worker threads.

Thanks for the help and sorry if this has been asked before.

EDIT
I'm now using the following block. But I can't seem to bind to the HTTPS port (443)

ServerName mail.example.com
ServerAlias www.mail.example.com
SSLProxyEngine on
RequestHeader set Front-End-Https "On"
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ProxyPass         /  https://localhost:446/
ProxyPassReverse  /  https://localhost:446/

ProxyRequests     On
ProxyPreserveHost On

ntpd - Things to consider when running public NTP servers

So, it recently dawned on me that since I have 3 GPS clocks in my network, I could, technically, give back a little and serve time to the rest of the world. So far I've not quite seen any downsides with this ideas, but I have the following questions;

1. Can I virtualize this? I'm not going to spend money and time on standing up hardware for this, so virtualization is a must. Since the servers will have access to three stratum 1 sources, I can't see how this can be a problem provided the ntpd config is correct




2. What kind of traffic do a public NTP server (part of pool.ntp.org) normally see? And how big VMs do I need for this? ntpd shouldn't be too resource intensive as far as I can gather, but I'd rather know beforehand.




3. What security aspects are there to this? I'm thinking just installing ntpd on two VMs in the DMZ, allow only ntp in through the FW, and only ntp out from the DMZ to the internal ntp servers. There also seem to be some ntp settings that are recommended according to the NTP pool page, but are they sufficient? https://www.ntppool.org/join/configuration.html




4. They recommend not having the LOCAL clock driver configured, is this equivalent to removing the LOCAL time source configuration from the config files?




5. Anything else to consider?

Answer

Firstly, good for you; it's a helpful and public-spirited thing to do. That said, and given your clarification that you're planning on creating one or more DMZ VMs which will sync to and make publicly-available the time from your three Meinberg GPS-enabled stratum-1 (internal) servers:

1. Edit: Virtualisation comes up for discussion on the pool list from time to time; a recent one was in July 2015, which can be followed starting from this email. Ask Bjørn Hansen, the project lead, did post to the thread, and did not speak out against virtualisation. Clearly a number of pool server operators are virtualising right now, so I don't think anyone will shoot you for it, and as one poster makes clear, if your server(s) are unreliable the pool monitoring system will simply remove them from the pool. KVM seems to be the preferred virtualisation technology; I didn't find anyone specifically using VMWare, so cannot comment on how "honest" a virtualisation that is. Perhaps the best summary on the subject said

   
   
   

   
   

   My pool servers are virtualized with KVM on my very own KVM hosts.
   Monitoring says, the server is pretty accurate and provides stable
   time for the last 2-3 years. But I wouldn't setup a pool server on a
   leased virtual server from another provider.

   
   




2. This is the daily average number of distinct clients per second I see on my pool server (which is in the UK, European and global zones) over the past year:

   
   
   
   

   

   
   
   

   This imposes nearly no detectable system load (ntpd seems to use between 1% and 2% of a CPU, most of the time). Note that, at some point during the year, load briefly peaked at nearly a thousand clients per second (Max: 849.27); I do monitor for excessive load, and the alarms didn't all go off, so I can only note that even that level of load didn't cause problems, albeit briefly.




3. The project-recommended configurations are best-practice, and work for me. I also use iptables to rate-limit clients to two inbound packets in a rolling ten-second window (it's amazing how many rude clients there are out there, who think that they should be free to burst in order to set their own clocks quickly).




4. Or remove any lines referring to server addresses starting with 127.127.




5. The best practice guidelines also recommend more than three clocks, so you might want to pick a couple of other public servers, or specific pool servers, in addition to your three stratum-1 servers.

   
   
   

   I'd also note that if you're planning to put both these VMs on the same host hardware, you should probably just run the one, but double the bandwidth declared to the pool (ie, accept twice as many queries as you otherwise would).

Will upgrading to Windows 7 Professional from Home Premium remove Media Center?

My computer came with a copy of Windows 7 Home Premium. If I upgrade it to Windows 7 Professional, what will happen to Media Center? Will it be deleted because it's not available in Professional, or will it be kept because I also have a license for Home Premium? (or just because it was already on there)

Answer

Media Center is included with Home, Pro, Ultimate and Enterprise so it will not be removed during an upgrade to Pro.

Windows 7 "Anytime" Upgrade is the easiest least expensive way to upgrade, be sure to keep your anytime upgrade key somewhere safe.

autohotkey - Using CapsLock as a Modifier + Standalone Key in Ubuntu

In Windows, you can use AutoHotKey to make Capslock a standalone key (say, binding it to 'escape') as well as a modifier (so that you can bind, say 'CapsLock + k', to launch a browser).

I've tried everything under sun to make CapsLock have its own special binding PLUS make it a modifier key in Ubuntu, but I'm convinced it's not possible.

Am I wrong? Does anyone know a way this could be possible?

sleep - Help me find the offending process waking my Windows 7 PC from hibernate every night

Recently my Windows 7 64-bit PC has started waking every night from hibernation around 3:30am. I have done the following to try and figure out what is causing the issue with no luck:

• Examined the Windows Event logs. Nothing is noted




• Ran powercfg -lastwake and that reports nothing




• c:\powercfg -lastwake



• Wake History Count - 1


• Wake History [0]


• Wake Source Count - 0

Ran powercfg to find what devices are armed for wake. Interestingly, this reports two items (I've already unchecked the "Allow this device to wake the computer" in device manager): The keyboard and something called the "eHome Infrared Receiver (USBCIR)". This is a desktop PC and it does not have an Infrared received, so I'm not sure what that device is. Suffice to say it does not have the option to "Allow device to wake..." available in Device Manager.

• C:\powercfg -devicequery wake_armed


• eHome Infrared Receiver (USBCIR)


• HID Keyboard Device

My next step is to disable the Keyboard from wake, but I'm not convined that's the problem.

This is on a Dell XPS435 if that helps anyone.

virtualhost - Apache Virtual Host Not Matching ServerAlias

I have a VirtualHost block defined like this for a domain:

    ServerName example.com:443
    ServerAlias www.example.com:443

If I use this URL, https://example.com/, the site loads as expected. When I use this URL, https://www.example.com/, Apache is delivering the content and SSL certificate for the very first virtual host defined in my config.

I understand the definition order of virtual hosts is significant, so it seems to me that the ServerAlias directive is not being matched for some reason. My web searches haven't turned up a clue for how to fix this issue.

Answer

Because you didn't care to read documentation on the ServerAlias Directive and therefore you have a wrong syntax.

ServerAlias hostname [hostname] ...

That's different from ServerName that can have optional port and scheme, but only one hostname:

ServerName [scheme://]fully-qualified-domain-name[:port]

ubuntu - SSH tunnel works through localhost but not by IP address or DNS lookup

There are two computers at my work - one which has a public IP address and another computer which has an Apache server running a browser-based application on port 80. Port 80 of the computer with the public IP address receives traffic with the DNS public.domain.edu. Port 80 of the computer with the Apache server is not public, but can be accessed on the local network through private.domain.edu.

I want to create a local SSH tunnel from the public computer's port 80 to the computer with the Apache server implemented. So far, I have tried this command from the computer with the public IP address:

    sudo ssh admin1@private.domain.edu -L 80:private.domain.edu:80  

When I run this particular command, I can access the web application on private.domain.edu by running a browser on public.domain.edu and typing "localhost" in the address bar. However, when I type in public.domain.edu's IP address in the address bar, it does not tunnel to private.domain.edu's application but instead says that the URL could not be found. Moreover, when I type the DNS lookup for public.domain.edu on the address bar, it still does not work.

How do I fix the SSH tunnel it so that, when I type public.domain.edu (or its IP address) on the address bar, I access private.domain.edu's web application?

Answer

Try sudo ssh admin1@private.domain.edu -g -L 80:private.domain.edu:80. As the man page notes:

-g Allows remote hosts to connect to local forwarded ports.

Note, though, that this probably isn't the best way of accomplishing what you're trying to do. If you want to enable access to an internal web application from outside, but just for yourself, a VPN of some kind would be less subject to abuse; if you want to enable it for all, talk to your local network admin and get a port punched through the firewall.

Backup software with local data loss prevention (on not always on-line devices)

I am looking for a backup software that will allow me to backup to a remote server, and automatically keep not synchronized local changes on a second storage medium (like a flash memory card), so that even if the hard drive crashes no data will be lost as using the second storage medium and the remote backup will allow me to restore up to the last point.

What backup software has this feature?

windows 7 - How to regain USB disks folders permissions after switching to Win7?

I have a problem after upgrading my comp and installing Windows 7. Prior to that I did used Windows XP (SP3) and made a lot of data backups on external HDDs. Now comes the problem - those backups were made by WinXP account and now in Win7 I can't rename/delete any of files/folders.

I know this is caused by ownership issues, to make things right again I have to change folders (and it sub-folders and files) owner to my existing Win7 account. The problem is - I can't select all of the USB drives folders together (in group selection there's no security tab in properties), I have to go one-by-one and that is my question: Is there a way to automate this somehow, how do I change ownership (or remove it altogether) from dozen of drives and hundreds of folders and files?

On a side note, there are few autorun.inf files from viruses my antivirus has deleted, but the files remained and they are not allowing me to change ownership/edit/delete them at all, even from admins account. So best answer would be a kind of tool or way to remove all permission limitations at once.

P.S. After I typed all this SE offered me similar question: Change permissions on folders (mass) , but I'm not sure this is exact answer, what to do with ownership?

Thank you very much for your help in advance!

Answer

Here's a page that gives a bit more explanation but basically you need to do

takeown /f  /r /d y

which hopefully will accept wildcards then

icacls  /grant administrators:F /T

from a command prompt that you ran as an administrator.

openvpn - How to get a list of options, that can pushed to the clients?

The OpenVPN manual currently only states:

This is a partial list of options which can currently be pushed: --route, --route-gateway, --route-delay, --redirect-gateway, --ip-win32, --dhcp-option, --inactive, --ping, --ping-exit, --ping-restart, --setenv, --persist-key, --persist-tun, --echo, --comp-lzo, --socket-flags, --sndbuf, --rcvbuf

But how do I get a complete list of options I can push to clients?

64 bit - Memory sticks, 32 and 64 Bit OS

My current setup:

Windows Vista, 32 bit

• 2 sticks of 1 GB Kingston HyperX 1333Mhz ram


• Asus P5K3 Deluxe Motherboard

My Theoretical, temporary setup

• Windows Vista, 32 bit


• 4 sticks of 2 GB, 1333 MHz ram

Final setup in 2 months time

• Windows 7 Home Premium, 64 bit


• 4 sticks of 2 GB, 1333 MHz ram

Questions:

Is there any problems with having 8 GB ram in a 32 bit Windows Vista?
As i understand it, i would simply only be able to utiluse ~3,2 GB of them. The rest would just be unsused.
Is this correct?

Does anyone have any notes i should be aware of, before buying this?

Answer

Is there any problems with having 8 GB ram in a 32 bit Windows Vista? As i understand it, i would simply only be able to utiluse ~3,2 GB of them. The rest would just be unsused. Is this correct?

Yes, the extra memory will be physically present, but not usable by a 32-bit OS. It will not cause problems.

crash - Memory eating programs lock up the system

I have the following problem: A program has a bug like the following

int main() {
  for(;;) {
    char *p = (char*)std::malloc(1024);
    std::memset(p, 1, 1024);
  }
}

And it keeps allocating memory all the way, until my system starts swapping pages of other applications out in favor of that program and i can't do anything anymore on the box. I've hit this problem several times with different applications (today, it was with moonlight 2 beta in firefox). I though the problem is because the program causes other program's memory to be swapped out, and so it could use more physical memory.

Naturally i looked into ulimit, and found two settings

-m the maximum resident set size
-v the size of virtual memory

I read that the first denotes the total physical memory size the process can use at once. To me, it seems that this is more sensible than the total virtual memory size, because it may be shared, and it could be of no importance at all because it's swapped out anyway. So i added the following to my .bashrc after looking at usual resident set sizes with top, which range up to around 120MB for a usual firefox session, i found.

# limit usage to 256MB physical memory out of 1GB
ulimit -m 262144

But after running my above test snippet, it still brough my system down, and i had to wait around 5 minutes until the terminal recognized my ^C key presses. Usually, if i don't react within the first few seconds, in these situations i can only press the reset button, which i really don't like - so does anyone have a strategy for how to solve this? Why doesn't the physical limiting work? It seems to me that this way other applications should still have enough physical memory to react sensibly.

linux - How much memory would be needed for a Wordpress site with 8.000 hits per day with the occasional spike?

I'm running a Wordpress site with about 8.000 hits per day, which occasionally spikes to 12.000 hits. I'm currently considering a VPS server. My setup is WP with Apache and MySQL.
Can anyone recommend how much memory would be sufficient in this situation?

Answer

No one can completely answer your question without knowing details about your install, such as what plugins you are running and the memory requirements of each plugin.

Wordpress does not scale well without some sort of Caching plugin. W3 Total Cache and WP Super Cache are both great plugins that will let your site scale much beyond a default Wordpress install. These plugins essentially minimize the dynamic PHP compilation and SQL hits and instead serve HTML files.

It then becomes a calculation much like any other busy web server. How many images are coming off of your server? Is output gzipped? Are you planning for future growth? Many factors go into how fast the website will serve up and how much RAM you will need.

That being said, at your current size I think I would go with at least 1GB of RAM, assuming you use a caching plugin and have minimal graphics serving off of your server. However there are big caveats above.

windows 10 - why is the size of available shrink space is only 13286 MB on 250 GB Samsung SSD with 130 GB free?

I want to shrink C: drive by at least 30 GB but I can't go above 13GB using Windows 10 disk Management tool when 130GB is free

Why is the available shrink space so low even when 130 GB is free?

Answer

The main reason for not being able to shrink the disk are that there are unmovable files on the disk at the time of trying to shrink the volume (as your screenshot says).

The most common "unmoveable" files are files which are locked during normal computer operation such as virtual memory/pagefile/system restore files as well as a few other files which may be open, but not running "in memory"

Having come across this myself previously on both server and desktop operating systems - I can say the most likely culprit is the pagefile.

To fix this:

Right-click Computer
Select Properties
Select Advanced system settings
Select the Advanced tab and then the Performance radio button
Select the Change box under Virtual memory
Un-check Automatically manage paging file size for all drives
Select No paging file, and click the Set button
Select OK to allow and restart.

Once your machine has rebooted and you know you have no page file (check at the root of C: with hidden and system files showing) - try a defrag and then try shrinking the volume again.

Don't forget to reset your pagefile back to its original size afterwards! Failure to do so will potentially cause significant performance issues with any machine.

Hope this helps,

windows - How can I delete this directory?

I thought I would try to delete a directory today. Little did I know, Windows wasn't going to let me.

C:\Data\Projects\acme\4.2.0>rmdir /s product
product, Are you sure (Y/N)? y
product\release - Access is denied.

This is happening under a command prompt which is running as Administrator. I thought I would try to figure out who it's owned by, if it wasn't Administrator:

C:\Data\Projects\acme\4.2.0\product>dir /q
 Volume in drive C is Windows 8
 Volume Serial Number is 38F9-44D7
 Directory of C:\Data\Projects\acme\4.2.0\product
01/02/2013  14:47              RADISH\Trejkaz          .
01/02/2013  14:47              RADISH\Trejkaz          ..
01/02/2013  14:47              ...                    release
               0 File(s)              0 bytes
               3 Dir(s)  79,467,786,240 bytes free

"..."? What the hell? Let's ask SysInternals, they usually know how things work:

C:\Data\Projects\acme\4.2.0\product>accesschk.exe release
Accesschk v5.03 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com
  Error getting security for C:\Data\Projects\acme\4.2.0\product\release:
  Access is denied.
No matching objects found.

It seems like I will have to get to SYSTEM level to delete this directory, even though I created it myself.

I tried some techniques mentioned here:

http://blogs.msdn.com/b/adioltean/archive/2004/11/27/271063.aspx?Redirected=true

None of these work because I don't have the required permissions under an Administrator command prompt. Windows 8 seems to have locked this stuff down so hard that you can't use your own computer anymore.

Trying to take ownership via Explorer gives this cryptic dialog, which suggests clicking a Change button which doesn't even exist on the dialog:

Answer

Boot from Hiren's BootCD (actually you don't really need to burn it, it's possible to drop it on a pendrive), then choose Mini Windows XP from the menu and use it to delete that directory.

I think I don't have to mention that to do this, you must have a Windows XP license - otherwise it's illegal.

Another option is to use some Linux distro with ntfs-3g driver (eg. Ubuntu), which is considered safe for writing NTFS volumes - although this is a special case, so be careful.

Ah, and running chkdsk /r C: may help if that's a corrupted file descriptor problem.

email server - DMARC report: SPF fails with mx-domain as spf-domain in auth_result

I have setup a mail server with several postoffices/domains. DKIM, SPF and DMARC are setup for every domain. For the mailserver domain, which is a postoffice as well, I get weird DMARC reports, where the spf auth result lists the mx domain and the result is none. All other domains pass DKIM and SPF with the same DNS Records.

DNS-Records for all domains are setup as follows:

• @ 10800 IN MX 10 mail.msdomain.net.


• @ 3600 IN TXT "v=spf1 mx -all"


• domain/msdomain._domainkey 3600 IN TXT "v=DKIM1; p=***; v=DMARC1; p=none; rua=mailto:abuse@domain.net; ruf=mailto:abuse@domain.net"

And here's the weird DMARC report:

    
        my.dedicated.ms.ip
        2
        
            none
            pass
            fail
        
    

    
        msdomain.net
    
    
        
            msdomain.net
            pass
            msdomain
        
        

            mail.msdomain.net
            none
        
    

I just don't get it. Why is DMARC evaluating my mx domain for SPF. Mails are coming from info@msdomain.net and not from info@mail.msdomain.net.

Can someone help?

Answer

Adding the "a"-mechanism to the SPF record seems to have resolved the issue for e-mail addresses with the same domain as the mail server.

The new SPF record looks like this now:

• @ 3600 IN TXT "v=spf1 a mx -all"

The domain is now listed properly in DMARCs auth_results:

    
        msdomain.net
        pass
        msdomain
    
    
        msdomain.net
        pass

    

However for all other domains on the same mail server I left the SPF record the way it was since SPF always passed in DMARC reports for those domains.

• @ 3600 IN TXT "v=spf1 mx -all"

I'm not really able to provide a conclusive explanation for this. Maybe someone else can clear things up.

windows - Software displaying the time of an NTP server

Is there any software that can display the time from an NTP server? Irregardless of what is going on with the time in the operating system itself. Like, just enter in the hostname of an NTP server and then a digital clock displaying what time it gets from it, staying in sync.

I'm using the Meinberg NTP and I am getting a lot of stats from their NTP Time Server Monitor, but can't find the current time anywhere :p For some reason, I am not able to get the computer (running Windows XP, unfortunately) to sync with it or any NTP server so can't use the clock in windows. The servers that use this computer as their NTP server seems to be able to get a time from it though, but yeah... would be nice to see what time my NTP server actually have so I could at least try to see if two computers have the same time.

Looking for software running on either Windows XP or Mac OS X 10.4 or 10.5 (PPC).

Just to clearify: I don't want software that is an NTP server or that wants to set or show the time in the operating system. I want an NTP client that only asks an NTP server for the time, and then shows that time to me in a clear way.

Answer

C:\> ntpdate -q -d ntp.example.net

Should be part of the Meinberg suite build and will give good information about what is not working without changing the clock.

windows - Batch file with commands to run as administrator and standard user

I'm trying writing a batch file that needs to run some commands using a local admin account (start/stop a service) and some commands using the logged in user (copy files from the user directory) and I'm encountering problems. I have tried the following commands:

runas with /savecred

runas /user:(PC name)\(admin username) /savecred "net stop \"(service name)\""
runas /user:(PC name)\(admin username) /savecred "sc stop \"(service name)\""

When using /savecred I am not prompted for a password. Instead a command prompt window briefly flashes up and disappears. I am not able to tell what is in this window. The service is not stopped.

runas without /savecred

runas /user:(PC name)\(admin username) "net stop \"(service name)\""
runas /user:(PC name)\(admin username) "sc stop \"(service name)\""

These commands do prompt me for a password but then exhibit the same behaviour as the above commands - a command prompt window briefly pops up and the service is not stopped.

Ideally I would like to save the password for the session as I will need to run more commands with the details.

Is this possible and if so, what am I doing wrong?

linux - How can I measure actual memory usage from my running processes?

I have two servers, server1 and server2. Both of them are identical HP blades, running the exact same OS (RHEL 5.5). Here's the output of free for both of them:

### server1:
             total       used       free     shared    buffers     cached
Mem:       8017848    2746596    5271252          0     212772    1768800
-/+ buffers/cache:     765024    7252824
Swap:     14188536          0   14188536

### server2:     

             total       used       free     shared    buffers     cached
Mem:       8017848    4494836    3523012          0     212724    3136568
-/+ buffers/cache:    1145544    6872304
Swap:     14188536          0   14188536

If I understand correctly, server2 is using significantly more memory for disk I/O caching, which still counts as memory used.

But both are running the same OS and if I remember correctly, I configured both with the same parameters when they were installed. I did a diff on /etc/sysctl.conf and they are identical.

The problem is, I am collecting memory usage and other metrics over a period of time, (eg: vmstat, iostat, etc.) while a load is generated on the system. The memory used for caching is throwing off my calculations on the results.

How can I measure actual memory usage from my running processes, rather than memory usage by the OS for caching? Is used - (buffers + cached) a valid way to measure this?

linux - How does Synology Hybrid RAID work?

I'm not looking for what Synology Hybrid RAID (SHR) allows the user to do, but rather, what is the concept that SHR uses to allow you combine disks of different sizes? In most RAID implementations such as ZFS, Linux RAID/mdadm or Btrfs, only disks of the same size can be combined. I have also heard that SHR is based on Linux RAID, and if so, how can it allow me to use different sized disks when standard Linux RAID can't? Does it use a scheme where disks are partitioned into equal sized chunks and then setup in an array? The documentation on Synology's website explains the outcome that SHR can achieve, but now how it achieves it, which is what I would like to know.

iis 7 - Active Directory + IIS + SQL + ASP.NET

I have sent the following question to stackoverflow website

I have installed Windows server 2008 r2 on a virtual machine, Can I
install Active directory with domain controller + IIS + SQL server on
the same machine? I want to make web application and this web
application will authenticate users from Active Directory, the web
application should be published on the server IIS and the users should
access it remotely from their home using domain name of my machine,
Someone tell me that its very wrong to have IIS and Active directory
on the same machine

I got the following Answer

You can't use ActiveDirectory over the internet. At least not without
something like a VPN as a middle man. Their home computers will not be
joined to the domain, so there is no pass-through authentication.

Yes, it's a bad idea to put AD on the web server. Why is too complex
to get into in an answer here. Suffice it to say that even if you did
do this, it's probably would not work the way you are thinking it

should.

It's not impossible to do this. For instance, many of the Microsoft
"Small Businesss" products put IIS, AD, and SQL Server on the same
server. But, you kind of have to know what you're doing to configure
it securely.

Then I add the following comment

Thanks for ur reply.so what you think about the best way to do this as
I didn't do anything like that before should I install active
directory on a machine and IIS on another machine ? and what about SQL
should I add it to the same server of active directory ? I didn't
mentioned also that it will be Microsoft dynamics server that will
access some information about work and i have to read data from axapta
also ? also what is VPN and how can I use it to let users access my
web application anywhere ? Sorry for my long questions and thanks in
advance

so please if anyone can help I will be thankful

windows 7 - Java asks daily if I want a update on Win7

I get a daily Java popup that asks if it can make changes to my computer. (Win7 Professional, 64bit).

I still want Java to be able to do automatic updates but I don't want to be notified each day.

I found these topics regarding how to disable updates: how-to-stop-jucheck-from-running-java-wont-remember-check-for-updates-automat and cant-seem-to-disable-java-automatic-update.

However, I don't want to disable Java updates but I only want to get a notification each month or so. In the Java-control panel I clicked Update -> Advanced Settings -> Frequency: Montly. But it doesnt work. I found the same question here: java-popup-drives-me-insane

Does anyone know how to solve it?

Answer

The problem was that when Java asked for an a update and I pressed 'yes' nothing happened. Therefore, on a restart I was asked again for an update.

To solve this problem, I had to manually double click on the Java-Icon at the task bar after pressing 'yes'. Then, I could proceed with the installation of the update and wasn't bothered anymore.

windows - Extreme difference comparing directory size vs. used diskspace

On a Windows Server 2019 Enterprise, we have a disk with just one directory.

When we check the properties of the directory, the summary of file sizes is more than twice the amount of diskspace used (see picture)
When we do a "dir /s" on this directory, the numbers are about the same.

What's wrong with the directory properties dialog?
No symbolic links or directory shortcuts...

Size comparison

linux - Network Interface: block WAN but not LAN

I have two network interfaces on my Ubuntu server, eth0 and eth1. Currently both are configured with the standard routing rules, but I want to configure eth1 so it can only access other computers on the local network and NOT the Internet. Eth0 should be able to access everything. I've seen similar questions where people want to accomplish the opposite (access the Internet but not local computers), but am unsure how to adjust the rules to accomplish what I desire.

What rule(s) would I add to lock out eth1 from accessing (and be accessed by) the Web, but still allow LAN access?

---

Edit: A bit more information.

Current Scheme. Here's a paint image of what I currently have set up. There is a separate router on the network that handles connections to the internet.

I want to be able to disconnect the server from the internet at the drop of a hat if I suspect an attack (such as someone swiping my private keys and I need time to "change the locks"), but still be able to access the server via SSH from another local machine to fix the problems. I either want to accomplish this by disconnecting the red wire or running a script to bring down the eth0 interface.

Is there a way to accomplish this scenario with both interfaces connected to the switch, or do I need to move the red wire and connect eth0 directly to the router? I suspect by the answer below the ideal scenario would be to let eth0 handle all the internet activity and let eth1 handle the local activity.

Answer

I'm still a bit confused by your description. Here is what I understood:

+--------------+    +---------+
| Ubuntu  eth0 |----| Router/ |---- Internet
|              |    | Modem   |
|              |    +---------|
|              |
|              |    +---------+
|         eth1 |----| Switch  |---- LAN PC 1
|              |    |         |
|              |    |         |---- LAN PC 2

+--------------+    +---------+

So LAN PC 1, LAN PC 2 and the Ubuntu Server should be able to talk to each other (via eth1 on the Ubuntu server), and the Ubuntu server should be able to access the Internet, but neither LAN PC 1 nor LAN PC 2 should be able to access the Internet.

In that case, you just have to disable forwarding on the Ubuntu server (echo 0 > /proc/sys/net/ipv4/ip_forward, though it's disabled by default, or edit /etc/sysctl.conf to do that on boot). The server will contact the Internet via eth0, and the LAN via eth1.

If the situation is different, please edit your question to describe the situation.

Note that it's not network interfaces (eth0, eth1) that "access" anything, it's the computers themselves. Maybe that is the reason of the communication problem.

Edit

Yes, you can accomplish your scenario according to your drawing, but it will be tricky: "Double" connections to a network are no fun.

There's a solution that's a lot simpler, of it's ok that the other local PCs loose internet connection during an attack: Connect all PCs to the switch, and remove cable from switch to router when you suspect something. All computers keep their IP addresses, you can ssh from a local PC into the server using the numeric address. (Or you can run DNS/DHCP from the server instead of the modem/router in the first place.)

The proper solution to protect your server and at the same time allow your local PCs to continue using the internet is to set up a firewall (a cheap embedded computer with at least two LAN interfaces will do) between the modem/router and the Ubuntu server in the DMZ on the one side, and the local PCs on the other side. If you have full access to your modem/router (e.g. with OpenWRT), this firewall can also be placed there.

Now for your plan: It doesn't matter if the Ubuntu server is connected directly to the router or to the switch: The router has an internal switch, and cascaded switches don't change things, they count all as part of the same LAN segment.

Here's an outline what you need to do. It's untested, and will need a bit of fiddling, and there may be gotchas which prevent it from working at all.

• Assuming the Router/Modem runs a DHCP server, make sure both eth0 and eth1 get different IP addresses. Also make sure eth1 doesn't get the default route. You may have to modify dhclient.conf for that, possibly write different request lines for both inrefaces.




• Routing: eth0 should get the default route. eth1 should never get a default route, even when eth0 is down. You may have to fight installed programs/scripts to achieve this. eth1 should either only get a link-local route with higher metric (if that is possible), or no route at all (or a /1 subnet) while eth0 is up, and a link-local one when eth0 is down. That means you may have to set routes for eth1 in /etc/network/if-{up,down} for eth0 (or whatever the systemd equivalent is these day, if it works in systemd at all...).

Reason: if both eth0 and eth1 have routes with same metric into the local LAN, packets will be randomly sent from both interfaces, with different source IP addresses. To the receiving end in the LAN it will look like about half the packets are dropped (because the ones with the right source address never arrive). This is why a "double interface" into the same segment is no fun.

• You need iptables rules that block anything on eth1 except the port for ssh to and from the local LAN. Google for tutorials.

Quite a bit of work.

Edit

A simpler alternative is to create a network namespace (google for tutorials), move eth1 into that namespace, run sshd inside it, and all the other services outside of the namespace. That means both interfaces can have default routes etc., only sshd goes via eth1, and all other services go via eth0. eth1 would need iptables rule to restrict it to the local LAN on INPUT and OUTPUT.

Edit

As I said, remote debugging is very difficult (no feedback). If you can't get it to work, please make a new question and describe exactly what you did (ip route, ip addr on all relevant machines, tcpdump on relevant interfaces when you do ssh, etc.).

I just checked; as I don't have two ethernet interfaces, I used a virtual eth pair. Roughly, create a namespace and move your eth1 into it

# ip netns add blue
# ip link set eth1 netns blue

Make sure it gets a valid address and route, either by enabling DHCP and making sure it gets run, whatever method your system uses, or by setting it manually (for testing), something like

# ip netns exec blue ip link set eth1 down
# ip netns exec blue ip addr add 192.168.4.1/24 dev eth1
# ip netns exec blue ip link set eth1 up

You should get an address and a route, e.g. (this was done with a virtual eth pair, so it won't look exactly like this):

# ip ip netns exec blue ip addr

1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth1:  mtu 1500 qdisc noqueue state UP group default qlen 1000
  link/ether e6:5a:19:e0:63:75 brd ff:ff:ff:ff:ff:ff link-netnsid 0
  inet 192.168.44.1/24 scope global veth1b
     valid_lft forever preferred_lft forever
  inet6 fe80::e45a:19ff:fee0:6375/64 scope link 
     valid_lft forever preferred_lft forever
# ip netns exec blue ip route
192.168.44.0/24 dev eth1 proto kernel scope link src 192.168.44.1 

Run sshd in that namespace in another xterm, add debugging flags and use a different port to make sure there's no confusion:

# ip netns exec blue /usr/sbin/sshd -D -d -p 222

Connect to it from the outside with ssh 192.168.44.1 -p 222, and that worked fine here: you can see the connection process in the debug messages.

Black screen with cursor during Windows 10 Upgrade

So I've been trying to upgrade to Windows 10 for a week now. I have tried upgrading via Windows Update, through the Media Creation tool's .exe, and through a created media USB.

Most recently, I tried installing Windows 10 through Windows update. It ran through its process (horribly slowly), and I went to bed. When I woke up this morning, it was told me it was ready to restart to complete the upgrade. I clicked the "upgrade now" button or whatever it was, and hopped in the shower. When I got out of the shower, my computer had a black screen with a cursor and a resolution that looked like it was 640x480 or something similarly small.

How can I fix this problem? What should be my next steps to troubleshoot it? I think my next plan of attack will be to unplug all USB devices prior to it turning on next time for the upgrade. Unplugging all secondary drives will be after that. Do these seem like reasonable things to do? Will the setuperr.log contain any information on what may have caused this black screen issue?

My system specs are:

• ASUS M5A99FX Pro R2.0


• AMD FX-8320


• Corsair Vengeance 16GB 1600MHZ (4x4)


• Samsung 840 Evo 250GB (and 3 other drives for games, etc.)


• EVGA GTX 970 SSC 4GB

Secure boot is disabled. Fast boot is disabled. I uninstalled any display drivers beyond the one for my GPU (my motherboard has no onboard graphics), as well as any 3rd party display programs. I made sure to update my NVidia drivers to the one that works on Windows 10. Only one monitor was plugged into the display when the restart happened. Windows update was as updated as it could be. Checkdisk had been run prior to the restart and had dealt with whatever issues it may have found. Region and location were double-checked as matching everywhere in the system. Relevant windows services were set to automatic. My system reserved partition has been assigned a letter drive in case Windows was unable to find it, as I have read up on a few issues where that fixed problems for people. I have tried the keyboard commands to switch display outputs. I have tried keyboard commands to turn on windows narrator to see if I could navigate any menu that might be there. No matter what, there is still the black screen with a cursor. There is no sound. I've read this can be caused by a wifi card; I have no wifi cards.

Once I restart my computer, it will revert back to Windows 8.1 because 10 will not have installed correctly, so I am out of luck no matter what I do at this stage.

A clean install is not possible, and is not preferred. I had a similar issue in trying to clean install 8.1, so I worry a clean install would still give me the same issue, and I can not afford to be without an operating system again. In upgrading previously, I ended up taking it somewhere to save me the headache. I am determined to conquer the problem this time, though.

Thanks in advance.

Answer

After getting home from work, it appears that the best way for me to get past the black screen with the cursor of some unknown resolution was to merely play the waiting game for an undetermined amount of time (it was longer than 20 minutes and less than 8 hours). It's worth noting that this black screen came up immediately upon booting and before the actual "upgrading windows" process with the circle on a black background happened, as there were no drivers that would have been improperly installed at that point.

Additionally, once it did get past that black screen with just a cursor and to the screen with the "Upgrading Windows" title and the circle on a black background, it froze at 25% through the upgrade, with the sub-percentage of "Copying files and drivers" (or something similar) being at 84%. I was able to fix this issue by turning off my computer via holding down the power button on my tower and unplugging the SATA cable from my DVD drive.

I powered my machine back on, and was taken back to the black screen with a cursor. I waited for maybe ten minutes until I was taken to a "Restoring your previous version of Windows" screen, which then took me to another black screen with an improper resolution and a cursor. After waiting another ten minutes, I was presented with the 8.1 log-in screen.

I had to reinstall some drivers for my computer via Windows update (which must have been lost at some point during the upgrade/downgrade process), and then attempted to upgrade to Windows 10 once more. The process took a lot longer than I would have expected for my machine, but by the time I woke up this morning, my computer had successfully upgraded to Windows 10.

TL;DR (1/2): If someone stumbles upon this in the future with a problem like mine (where the black screen with a cursor shows up but nothing else does PRIOR to the "upgrading Windows" circle on a black screen), waiting seems to solve it.

TL;DR (2/2): If, from there, your machine freezes 25% through the upgrade with the copying files and drivers at 84%, turn your computer off and unplug your DVD drive's sata cable. Attempt to re-upgrade to Windows 10 (I did so via Windows Update), and it seems to work.

raid - Dell PERC H700 and 8 disk slots : what are my options to increase disk fault tolerance?

We've got a Dell PowerEdge T510 which has 8 disk slots in the front. It is currently utilising 6 of these slots, and the disks are controlled by a PERC H700 controller. The disks are currently running in the following configuration

• 2x500GB in RAID 1 (OS partition)


• 4x2000GB in RAID 5 (file storage partition)

Considering that this server is our domain controller which hosts the Active Directory, I'd hate to see the server go down due to disk failures. Thus, I'd like to upgrade the server with disk fault tolerance in mind (and not storage capacity or speed). However, I'm not quite sure what my options are.

I was thinking of simply adding 2 more 500GB disks and convert the OS partition from RAID 1 to RAID 6, as this partition would be the most critical. We do have backups of important data on the RAID 5 partition, and it can be recreated within about 24 hours, but the OS partition would need more as it would require me to do a complete restore of Windows Server including Active Directory from backups.

However, I still acknowledge that RAID 5 has the habit of "acting up" during rebuilds, and I would of course love to convert this one to RAID 6 as well. However, the chassis only has 8 slots.

What are my options to secure this system with regards to disk fault tolerance?

Thanks!

UPDATE:

• Even though not stated initially, we do of course keep backups of the OS partition (Active Directory). I know that RAID is not a backup system.


• A second DC is not an option due to budget and licensing restrictions on SBS 2011.

The question was aimed towards my disk fault tolerance options. In other words, I'm looking for a good RAID setup.

sleep - Does shutting down regularly harm laptop or Windows?

I usually work with my laptop and always shut it down for studying or doing other works (for half hour to two hours, about 6 times/day).

Is this harmful?

Answer

Generally there is no exact answer however its best to not turn the laptop off and back
on a lot if it can be avoided. Shutting down the computer also uses power so for short
periods (many hours) using Sleep or better Hibernate would save power. Also allowing
electronices to cool and heat frequently is not the best for their long term use and
lifespan.

Using the Power Plans properly along with good Sleep and Hibernation settings, which
are dependent on how you use the computer, will get the best performance and lifespan
however there are no exact answers. Those which seem to be best for how you use the
system will probably also be best in the long run. If you "could" set with the magic settings
that would optimize the machines functions and life but then use the machine in a different
pattern, which we all would, then in fact you would actually get less use and lifespan than
setting to your use patterns.

One thing that many forget is that turning the screen off can also save power when you
will be away a short while and would not want to turn the computer off. This will save
some power over using a screensaver but can be hard to remember and does not save
a lot.

Best to refer to your System maker's Support, their on-line documentation, and their
forums about your model.

windows 8 - Use touchpad while "typing"?

My laptop (a Sony Vaio on Windows 8) disables my touchpad when I "type". This means actually typing, or just holding down a key like say, W, A, S or D. The touchpad stays disabled for a short period (<1s), after releasing all keys. Naturally, I want to turn this feature off.
The touchpad uses a Synaptics driver, but I can't find a setting anywhere to enable the touchpad when typing.
I found values that allude to this functionality in the registry (e.g. HKEY_CURRENT_USER\Software\Synaptics\SynTP\TouchPadPS2\ZoneManager\TPTyping - Enabled), but their value is always 0, so I reckon it must be coming from somewhere else.
I've tried reducing the touchpad's sensitivity, as I read somewhere that there that certain values might secretly activate the "palm detection" functionality, which in turn secretly activates the "disable then you type" functionality, but to no avail. (Yes, I already went quite deep into the rabbit hole.)

Edit 14-11-12: I've updated the Synaptics driver using the one from the Synaptics site, but I still don't have a setting to enable the touchpad whilst typing. (Neither do I have the "PalmCheck" settings.)

Edit 27-11-12: I've gone back to the original driver, as the generic one had too many issues for my liking. This version doesn't have PalmCheck either, but like the generic one, it does have something called "SmartSense". Apart from the name, it looks like PalmCheck. Turning it off however, did not solve the problem.

Answer

Since disabling SmartSense didn't solve the problem for me, I had to dig a little deeper.
After much toil and bickering with various forms of Sony Support, I gave up and tried messing with the Registry. After some failed attempts to disable the Synaptics filter driver that's attached to the keyboard, I found something that worked.

Solution:
In the Registry, go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults, and set the value of all string entries of the form PalmKms…, to 0. (Of course, they probably don't all need to be 0, but have fun finding out which one(s) you actually need!)
These values determine the amount of ms that the touchpad stays disabled after keyboard input has been detected.

I think Sony will probably issue an update to the VAIO Control Center where you can simply disable this functionality, but until that day, this fixes the issue.

Trouble activating Single Sign-On (SSO) on Trial subscription to Oracle Cloud

everybody

First, I am not sure I am really on topic here, but Oracle's own "cloud" support and community forums are not helpful (they get very little traffic and there were no responses yet). Maybe somebody over here has experience with Oracle's cloud offerings and has broader understanding than I have?

We're in the process of evaluating the Oracle's IaaS offerings, and I've subscribed to a Trial access to cloud services (it includes all the current cloud offerings like compute, storage, backup, Dbaas etc).

Trying to install the apps from the Oracle Cloud Marketplace, I discovered that enabling SSO is a prerequisite, and turning it on is described as follows:

You must authorize your Oracle single sign-on account to access your
identify domain, to enable discovery of all services:

• From the My Services dashboard, under Quick Links, select Set Preferences.


• Under Set Preferences, tick (select) the Permission Settings checkbox."

When I show the preferences, the only ones I see are for Languages and Notifications but nothing for "Permission Settings":

preferences screenshot

Does it mean trial subscriptions don't have access to this functionality (namely enabling SSO) or maybe I am missing something?

Regards

Edit: I had a response from the oracle's "chat" support:

Please note that this functionality is available in Trial accounts but in some of the Compute Zones it is not enabled yet. I believe your trial Compute Zone falls in that. Development team is enabling this on a phased manner and we hope to see this enabled in your Compute Zone soon though we do not have any timelines shared with us at the moment.

This means for me the functionality isn't yet available and there is no dates of its availability announced.

Answer

I had a response from the oracle's "chat" support:

Please note that this functionality is available in Trial accounts but in some of the Compute Zones it is not enabled yet. I believe your trial Compute Zone falls in that. Development team is enabling this on a phased manner and we hope to see this enabled in your Compute Zone soon though we do not have any timelines shared with us at the moment.

This means for me the functionality isn't yet available and there is no dates of its availability announced. I guess this closes my question, the answer is "not available for trial accounts as of yet".

windows - Cannot gain access to second drive (SSD)

Good morning,

I am having problems gaining access to my D drive on my Windows 10 machine.
I just get an Access is Denied Error. It was working fine on Friday. The drive does still show up in explorer. My login is part of the Administrators group on my pc.

Here is what I have tried so far:

1. Checked my group policies to see if anything has changed.




2. Tried the Error checking, by right clicking on the drive, clicking tools -> Check. This gives me the following error : "The disk check could not be performed because Windows can't access the disk"





3. Checked the security to see if I have access to it.
   This tells me "You must have read permissions to view the properties of this object" Click Advanced to continue.
   Clicking advanced won't show me the owner of the drive.
   I have tried changing the owner to SYSTEM, my login for the domain, my local login.
   In the permission tab it says "You do not have permission to view the objects security properties, even as an administrative user. Try taking ownership."
   I click change, and set it to one of the users mentioned above, then check the Replace owner on subcontainers and objects.
   Clicking apply gives me: "You do not have permiossion to read the contents of directory D:. Do you want to replace the directory permissions with permissions granting you full control. All permissions will be replaced if you press Yes." I press yes.
   I get "An error occured while applying security information to: D:\ Failed to enumerate objects in the containter. Access is denied."
   I click continue.
   The Windows security message "Unable to set owner on local disk (D:) Access is denied."




4. Tried running chkdsk on the D drive in both standard and admin command prompt. Get the error: "Access Denied as you don't have sufficient priveleges. You have to invoke this utility running in elevated mode."
   I get that in the Admin Command Prompt




5. Tried the above running explorer as admin




6. Tried disconnecting and reconnecting the drive from the mother board just to check the connections.




7. Tried takeown in standard and admin console. Access Denied error




8. Tried AccessChk from sysinternals

I have checked the following pages:

Permission error - Failed to enumerate objects in the container. Access is denied.

Failed To Enumerate Objects In The Container, Access Is Denied

Access Denied even though I am an Administrator

Can't take ownership of external hard disk

Access Denied on Local Disk D

Windows 7: Error assigning ownership "Unable to set new owner on.. Access denied"

Can't change permissions or take ownership of Local Disk D:

How to fix ‘Location is Not Available’ Error in Windows 7 & 10

Location is not available

Error: "The disk check could not be performed because windows cannot access the disk."

How to fix – Windows cannot access the disk

I can't access my own files under windows 10

Windows 10: You don’t currently have permission to access folder

How do I regain access to a directory under windows 10

After updating to Windows 10 not able to access E Drive

There are others but I think you get the idea.

The windows specs:
Edition: Windows 10 Pro
Version 170-9
OS Build: 16299.334

C Drive: SSD
D Drive: SSD

The only things that have changed that I can bring to mind recently is, I have installed the latest updates, and removed the hibernate file from my c drive. I have tried removing the updates and setting the hibernate file back, but this hasn't changed anything.
If it helps I can add the contents of my Event Viewer.

Any help would be appreciated as I am out of ideas.

Thankyou for your help.

security - Windows Vista Explorer via Runas... or Best Way for Domain Administrator to Work in a Limited Account

One thing that's annoyed me for a great while about administrating a Windows domain is trying to work primarily from a limited user account. Much of what I do on my workstation on a day to day basis doesn't require admin rights, so I prefer to run as a limited user for security reasons. The problem, of course, are all those times when I have to do something as a domain admin.

With Windows Vista "fast user switching" finally worked for machines in a domain, but I have a few problems with it: 1) Switching is slow, 2) About one out of five times, switching user accounts will cause Vista to forget my display settings to the point where they cannot be restored without a restart. Fun stuff.

Often times I only need a file browser to run with elevated privileges, and it appears as though there's no way to run an Explorer instance in this manner (via Runas). It also appears that browsing files via IE is now just running an Explorer process, and is thus limited in the same way.

I've been running FreeCommander via Sysinternals ShellRunas for this purpose, and it works. It's just not a good experience.

I would kill for something closer to sudo. Am I completely missing something obvious?

Windows Update Error 80244019 after long time searching for updates

I have not updated my Windows system for over 5 months now (Windows 7, 64bit, SP1). This happened by mistake, not on purpose, because Windows update was set to install updates manually with prompting at 3:00 am.

Today I tried to install the updates. The following happened in sequence:

1. I started updating a set of files totalling to 400 Mb or so, but I had to cancle after 1 minute, because Windows had to restart for a different reason.




2. After restart, I started update manually again, but it hang on "preparing system for installation".




3. Subsequently I ran the Windows update fix tool: https://support.microsoft.com/en-gb/gp/windows-update-issues/en

This lead to a partial fix only. The tool ran unfortunately in German. It says "Windows update error" in the second row and the first two items say "not fixed"

4. I ran the update tool again. Now apparently it was reset, since the earlier runs were not visible anymore. I had to search for updates again, which took a long time (3 hours). Then it stopped with error 80244019. See image. It says in german unknown error 80244019.




5. I am now trying to run fix: https://support.microsoft.com/en-us/kb/3102810 right now, but this fix says "Searching for updates on this computer" and does not show progress so far.




6. After installation of this fix, Windows Update found and installed the updates successfully again.




7. However: it only find Windows updates and in fact it says "You receive updates: only for windows" on the start page. In fact I remember unchecking a box for "receiving updates for other Microsoft products" following an advice in this thread: Windows Update fails with code 80244019. I did this before installing the MSU in step 5. Now, however, I cannot find this check box back in the MSU setting. See image. How can I now configure MSU to find MS Office updates etc.?

Screenshot translation: There are only two check boxes: "Make available recommended updates in the same way as critical updates" and "Allow all users to install updates". An option to to switch on searching for other updates is missing.

Edit: I found a screenshot on MS Office Help which shows how MSU should look and in fact looked before I updated it in step 5. You can see that the checkbox for "other MS products" which is checked in the example disappeared. It is the box I unchecked before step 5. In fact there is another checkbox below the yellow marked area which also disappeared after the MSU update. Very strange.

Again I need your help; perhaps this is a new topic and would deserve a new thread, but because it occures following the fix of the 80244019 problem, I leave it here.

EDIT 2: I opened a new thread adressing the new issue described in step 7 only here: Microsoft update (MSU) does not find updates for other Microsoft products (e.g. Office) after MSU update

Answer

To fix the update problem install https://support.microsoft.com/en-us/kb/3102810.

To fix the missing checkbox problem after the update follow instructions in Microsoft update (MSU) does not find updates for other Microsoft products (e.g. Office) after MSU update.

ubuntu - How to emulate mouse scroll in openbox?

I use laptop a lot and have no mouse.
I use trackpoint which substitutes the mouse very well except scrolling.
Is it possible to bind scrolling of windows to - for example - 'Ctrl + middle + mouse?

I was using Ubuntu recently and found out that such feature is there. I mean if middle button is pressed then mouse moving scrolls windows content.

Answer

After longer research it turned out that it's matter of Xorg (instead of openbox as i thought initially).

I found 2 solutions:

1. Get zip from link (it's compressed dir from ubuntu with the feature):

   
   

   http://speedy.sh/jfpqM/emulate-scroll.zip

   
   

   Create backup of Your system dir:

   
   

   $ sudo cp -r /usr/share/X11/xorg.conf.d/ /usr/share/X11/xorg.conf.d-bck
   

   
   

   Replace dir "/usr/share/X11/xorg.conf.d/" with the one from zip. That's it.




2. get the dedicated program for that.. more info at links:

   
   

   https://live.gnome.org/GPointingDeviceSettings

   
   

   www.grepmonster.wordpress.com/2011/05/31/ubuntu-11-10-middle-mouse-button-emulation/ (this is not link, because i'm too new to include 3 links in one post, sorry :) )

windows 7 - Unaccounted for space on SSD

I have a fairly new install of Windows 7SP1 and applications that hadn't changed much on a 500Gb (ok, 465Gb) SSD. All told, these used about 270Gb. The disk is a Samsung 850 EVO SSD, 500Gb purchased new with a fresh install of Windows last December, that ran without a hitch until a few weeks ago. Thus, there are no previous Windows installations, hidden partitions (besides swap, possibly), etc. NTFS formatted disk.

A few weeks ago, I basically ran out of disk space. I ended up having to recover some files which Windows wiped out doing a System Restore. Since then, I've only had about 20Gb free. In other words, there's roughly about 170Gb missing. I've done all the obvious stuff:

• Used Windirstat and other tools to verify that I'm only using about 270Gb


• Turned off System Protection


• Never had Indexing on - verified off


• No crash dumps


• Pagefile is 8Gb


• Disabled Hibernation, which I never use


• Virtually no temp files


• Disk cleanup came up with virtually nothing


• SSD is not over-provisioned



• Checked for ADs. About 100 found taking 32 bytes each on disk.

There are no hidden partitions that I can find. chkdsk and sfc came up with nothing. Apart from checking for data streams, I'm out of ideas.

bind - Spoofing DNS for another domain within a DMZ

I am setting up a DMZ disconnected from our corporate LAN. I've moved DNS services for the DMZ hosts into the DMZ with a stripped down set of zone info containing only what the DMZ hosts need to know. Some connections need to come back into the LAN from the DMZ. I know it's not ideal but it's still an improvement over how the infrastructure is now (basically, people are running services off their desktops).

Anyways, I need to connect to an LDAP server on the LAN, from the DMZ, over port 636. I have the connections working with the IP address, however the LDAP server is at another branch office, over a VPN, and the admin uses round-robin DNS so the IP isn't consistent everytime.

Currently, there are 6 IP addresses associated with the LDAP service (ldap.office.org). I could just add those 6 IP addresses to the /etc/hosts file in each DMZ host, but I would rather have them in DNS but they are not under the same domain for which my DNS is authoritative (hosts in DMZ are in "foo.dmz" domain where LDAP is "ldap.office.org")

How can I get my BIND server to serve the 6 IPs for ldap.office.org instead of forwarding the DNS request off to the internet root servers?

Answer

That sounds fairly straightforward. Create a zone on your bind server for ldap.office.org and add the 6 IPs as @ records.

If you can get the cooperation of the other admin, they could create an ldap.office.org zone and allow you to zone-transfer from their authoritative server (so that you don't have to keep your copy of the zone manually synchronized).

apache 2.2 - Excessive number of sleeping processes in CentOS - howto diagnose?

I have a a large number of sleeping processes, about 600, the majority of which are Apache processes.

Should I kill all these sleeping processes, or will that make Apache fail completely?

Why are these processes sleeping in the first place?

The Server is running CentOS 6 with Apache 2.2.

Answer

Killing all of your system's sleeping processes isn't going to solve any problem let alone the problem you're having.

---

Being structured and methodical in your approach is much better than flapping around wildly.

Personally I find Scientific Method (others call it something different) a wonderful tool to pull out of the system administration kitbag when diagnosing problems.

1. What is the actual problem you're trying to solve ?

A service stops responding.¹

2. So, now we know what the actual problem is we're solving we have some direction. Let's gather some information to help us figure out a solution.

   
   
   
   
   
   
   • Is the problem time related? Does it happen regularly or randomly.
   
   
   • Check your logs, all of them, not just the particular services's logs as something else may be causing the problem. Log entries generally have timestamps, this is to help you correlate events across multiple applications and services - use them. If necessary increase the log verbosity too.
   
   
   • Watch what your system is doing. Use tools like top, vmstat, iostat, sar, ps,tcpdump or even full blown monitoring systems.
   
   



3. Analyse the information you have gathered. What is actually happening on the system when the service stops responding? What is the state of the system's resources ?




4. Take appropriate action to remediate. Hopefully it's pretty obvious what's going on, you're running out of memory and OOM killer comes out to play, your swap activity is too high, your run queue is too long, you're iobound etc. If it's not obvious then you're probably not gathering the correct data - you know what to do, go back to 2.




5. Monitor what the changes introduced at 4. do.




6. Did the changes fix the problem ? Is it better? Is it worse ? Is there no difference ? Where you go from here depends on what you find. You may need to go back to 2. and gather more pertinent data or 3. to reanalyse what data you have or 4. because you identified a number of potential solutions.





7. Document your findings and the changes you made.




8. Go back to bed/home from work/to the pub.

¹ This could be anything though 'My server is slow', 'My server is using too much memory' ...

Can I define Alt key menu keyboard shortcuts for bookmarks in Firefox 3.6?

Can I define Alt key menu keyboard shortcuts for bookmarks in Firefox 3.6?

Example:

Tropical Weather is in the Bookmarks menu. A keyboard-only way to use this bookmark is:

Alt + B + + Enter

I would like to be able to do it this way:

Alt + B + W

Where the association of the underlined letter in the bookmark menu, W, to Tropical Weather is user-defined.

Is it possible?

Answer

It is possible by prefixing the shortcut in question with "w" or "W": Tropical Weather -> wTropical Weather. Then Alt + B + T will work as it will immediately open if there is only one shortcut that begins with "w". This is a general Windows feature, but with bookmarks we have direct control over the content of a menu, the booksmarks menu.

HowTo:

1. Open menu Booksmarks -> Show All Bookmarks.




2. Click on "Booksmarks Menu" in the left panel (it is in the tree All Bookmarks).




3. Select the bookmark in question on the right, Tropical Weather / http://www.wunderground.com/tropical/ in the example.




4. Add the prefix in the field Name, "w" in the example - the result is wTropical Weather.

If there is more than one shortcut that begins with "w" then rename the other shortcut(s) to not start with "w".

redhat - How to share VPN and DHCP server across multiple hosts?

I need to set up a small computer network for what is effectively a satellite office for a business. The small network consists of several workstations and a server. The server machine has two physical network interfaces, one of which connects to the internet, and the other which connects to the workstations. What we want is for the workstations to access the internet through the server's VPN connection to the greater company network.

However, most of the tutorials I have found seem to effectively perform NAT on the VPN connection to each workstation.

What I need is for every workstation and the server to be granted an address on the greater company network using the greater network's DHCP servers and domain controllers, and use their DNS servers too, via the server's VPN (rather than every workstation containing its own VPN client and all of them using an individual VPN connection). I assume that each workstation would still require an IP address on the smaller network too, and possibly a virtual network adapter to be configured - this is all acceptable for us.

Unfortunately my networking knowledge is not great, and so I am not sure what keywords to search for to find tutorials that accomplish this.

All of the workstations and the server use Red Hat Enterprise Linux 7.4 Server. I am free to make changes to the system in terms of software network configuration, but I cannot change the network architecture, nor the operating system version, if that matters.

macos - MacBook Pro 3,1 Snow Leopard Installation

I have an MBP 3,1 (Mid-late 2007 model) and I'm trying to reinstall Snow Leopard. I don't have the original discs with my Mac, I got an original Snow Leopard install disc from another MacBook Pro but when I try to install says "Mac OS X cannot be installed on this computer".

Is there any way to re-install Snow Leopard on my machine?

Answer

The discs that come with a Mac are custom to that model (at least they used to be). If the other MBP isn't a 3,1 model then the install can fail like you experienced.

If the two machines are the same model, it might be that the other discs are upgrade only, and require an existing OS X installation before the upgrade can proceed (I had this problem with a MacBook that came with Tiger DVDs and Leopard upgrade DVDs as Leopard was just out - you had to install Tiger first, then upgrade to Leopard).

"safe" ext4 configuration for systems running unattended

I have a system running linux that must run unattended for long periods of time. The system uses industrial CF card for storage. Most of the time there are no writes to flash, although every now and then some configuration data/settings can be modified. The system must be resistant to power failures.

I would like to use ext4 for this. What is the best way to configure ext4 for this kind of setup? Bearing in mind that:

• Performance is not a problem at all (especially write performance)


• Upon power loss, the system should always boot in a clean state, even if that means that data written in the last few seconds is lost


• If it is possible to avoid fsck, then all the better.

(I am aware of this related question:
Prevent data corruption on ext4/Linux drive on power loss)

Answer

I've worked in building a system for automation on boats, and there was a prerequisite: in every moment the power could go down and everything must boostrap again correctly.

My solution was to build a Gentoo-based initramfs system, with only a rw folder for application and configurations (this is the approach used by every router/firewall vendors). This solution add an additional layer of complexity when dealing with system upgrades, but assure you that the system will ALWAYS boot.

Regarding your specific question, you should keep EXT4 journal enabled for having faster fsck (of a few secods), use the data=journal mount option, lower the commit option or use sync option to keep buffers always empty.

Refs: http://www.kernel.org/doc/Documentation/filesystems/ext4.txt

macos - Why is "java" a valid command in terminal (bash) if it is not in my path?

On OSX, in the terminal, using the command:

echo $PATH

Gives me the following output:

/Library/Frameworks/Python.framework/Versions/2.7/bin:/Library/Frameworks/Python.framework/Versions/3.4/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/git/bin:/Applications/Android Studio.app/sdk/platform-tools

You can see that a reference to JAVA is no where in there. Yet in terminal, when I type:

java

It is seen as a valid command and outputs:

Usage: java [-options] class [args...]
(to execute a class)

or java [-options] -jar jarfile [args...]
(to execute a jar file)
where options include:
-d32 use a 32-bit data model if available
-d64 use a 64-bit data model if available
-server to select the "server" VM
The default VM is server,
because you are running on a server-class machine.

My question is this, how is it recognizing my java command if it is not referenced in my PATH variable and it is not referenced in the directory my terminal instance is currently exploring?

Thank you for the help.

Answer

Java is in /usr/bin on my OSX 10.9.4 system:

$ which java
/usr/bin/java

That directory is also in your command path.

The entry in /usr/bin is a symbolic link. Maybe you were expecting the actual java install directory to be in your path, but that doesn't have to be the case. Creating symbolic links in /usr/bin is a common practice.

$ ls -l /usr/bin/java
lrwxr-xr-x  1 root  wheel  74 May 17 17:02 /usr/bin/java -> 
    /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

Filename length in Windows

When I try to save my files to Windows Explorer, I get an error message that states (in part): "filenames too long." The file names have been between 100 and 200 characters. My task is to include a fair amount of information in the Explorer file name.

I've been asking questions and researching, and understand that it's necessary to allow for the drive designation characters, the folders and sub-folders, and so on. I get that.

Once that's all taken into account, though, I'm still not sure what my parameters are for the number of characters to allocate for the specific file names.

Must I abbreviate my words with barbaric ruthlessness to keep the total way <100? Or am I able to spell most words out properly, thus exceeding 100? Does anyone else have any ideas?

windows 8 - Memory use increasing without any process

I am having some issues with my memory usage since a few days (maybe since the last Windows update I did if I remember correctly) where my memory slowly fill up to the 16 GB capacity over the course of the day.

It starts normally using around 1.5GB / 16GB and then increases by like 1GB per hour to get some abnormal stuff like 14GB used after a day, at which point I have to reboot to "clear" the memory.

I already tried a few things to try to find the issue but I can't seem to be able to find what causes this, here is more information:

Poolmoon which seems to show that the "Tag" responsible for the memory usage increase is Toke and Proc (MmSt and CM31 staying around 2GB all day):

RamMap memory usage:

Task manager Processes tab:

Task manager Memory tab:

Answer

Actually fixed the issue by simply uninstalling the Razer surround process (Sound driver) after seeing RzSurroundVADStreaming.dll in the WPT Graph.

Memory is stable after a 20 hours uptime around 2GB used.

Pending Update Notification from Windows 8 Desktop

In Windows 7 a balloon tip in the tray area let me know when I had updates that needed to be installed. In Windows 8 this seems to be missing or disabled by default. In fact, the only screen I've found which mentions pending updates is the log-in screen.

I even checked the metro start screen and haven't found anything mentioning updates. I'm using Start8 right now to avoid having to use the metro interface.

I prefer to install updates manually when I'm not going to be interrupted by a restart, but without a tray notification I'll never know when I need to. Is there a way to restore the old behavior from Windows 7?

Answer

This annoyed me, too - I wrote a program to restore the functionality.

Windows Installer won't boot from USB drive on Intel D525MW

I try to install Windows 10 on a rather old system.

• Mainboard is a Intel Atom Desktop board (D525MW) with a BIOS rev. from 2013.


• CPU is Intel Atom D525. Intel spec sheet If I read that correctly it's a 64bit architecture.


• USB Stick containing the image is a PNY 64 GiB (USB 3.0) stick


• Win 10 image is: Win10_1809Oct_German_x64.iso directly downloaded from MS (latest 64bit ISO in German)


• I wrote the stick by doing dd bs=4M if=Win10_1809Oct_German_x64.iso of=/dev/sdc


• I also tried partitioning the USB stick and writing to the first primary partition


• I also tried using a 32bit Image


• bios option „boot from USB“ was enabled

The outcome is, my BIOS won't boot from the USB stick claiming „No boot device has been detected, please press any key to reboot!" The operation light of the stick flickers at power on, so the USB-port might be working, but it shows no activity, when the time comes where I assume the boot device must be selected.

(I have built in the any key, very cumbersome, took me a week or more, so I can reboot at least)

What could be the hindrace to boot from the USB stick? Do I have to assume, that the stick is too big/new to boot from? Is my BIOS/Board broken? Are there additional settings in BIOS setup which I have to take care of?

Answer

DD is useful for dealing with images, but does not create bootable drives.

For linux, woeusb is a recommended tool for creating bootable drives from image files:

sudo woeusb --device local/of/my/windows-10-image.iso /dev/sdX