Choice

Posted: October 29th, 2009 | Author: | Filed under: Insight, Work | No Comments »

Force a person to perform an action or accomplish a goal and they will do the absolute minimum.

Allow the same person the choice to accomplish the goal and they will not only accomplish it but go above and beyond the requirements.

I recently learned this while looking over different corporate policies. Companies without vacation policies didn’t worry about employees taking time off near a big deadline; they allowed their employees the choice — if taking time off before a deadline would be wise or not. That choice, that freedom, which the employee can feel, is so important to a company and to a company’s corporate culture. Without choice your workers will feel as just that, workers. Drones. Slaves.

Slaves have no choice, no freedom. They do what they are told or suffer the consequences.

For employees the consequence may be getting “written up” or perhaps even let go. Of course, this will only motivate an employee to work the bare minimum. Consider the following situation; again I’m going to use a vacation policy as an example: Bob wants to take time off work, but the dates he originally selected are days before a large deadline. Bob says to himself, ‘Those two days I booked off are coming up, but I can’t go because the vacation policy mandates that I can’t.’ Now, what if Bob thought the following instead: I want to take those two days off, but I won’t because that big deadline is coming up. Instead I will take time off the next week. See the difference? It’s can’t versus won’t.

Bob made a choice to move his personal time off around for his company. He wasn’t forced. He chose to. This gives Bob a sense of pride in his work and, by not being forced to move his vacation due to some esoteric policy, by allowing him choice, he has no reason to resent the company.

Same can be said for working from home, taking sick days, whatever.

The more policies you put in place at a company the stricter you make it and therefore the less choice you allow your employees to make for themselves. When your employees are given “The Choice,” then they are choosing to not only do their job, but also to follow a company. Contrast that with being forced by corporate policy; the employees will drag their heels because they know they have no alternative. They are slaves. No choice.

If you want your employees to feel empowered, if you want them to be more productive, then allow them the choice to be productive.


How-To Migrate DNS Server from 10.5 to 10.6

Posted: October 28th, 2009 | Author: | Filed under: DNS, Mac OS X Server, Migrate, Snow Leopard | 1 Comment »
  • Stop the DNS service on your Snow Leopard server.
  • Back up your DNS config files on the SL server:
    mkdir /var/backups/dns; cp -r /etc/dns /var/named /etc/named.conf /var/backups/dns
  • Copy the following files and folders from the Leopard server into the same locations on the Snow Leopard server:
    • /etc/dns
    • /etc/named.conf
    • /var/named
  • Start DNS via the command line on the SL server: serveradmin start dns
  • Launch Server Admin and verify all zones are present.
  • Test extensively.
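A pre-flight check for the “verify all zones are present” step, added here as an example (it is not code from the original post): it parses a BIND named.conf as Server Admin writes it, reports zones whose zone file is missing under /var/named, and lists zones the Leopard config defines that the Snow Leopard config does not. The embedded configuration is constructed, and include statements are not followed.

```python
import os
import re

# Added example, not from the original post: checks a named.conf before DNS is
# started again after the copy. Only the file given is parsed; the `include`
# statements in Snow Leopard's /etc/dns/*.apple files are not followed.

_COMMENT_RE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.DOTALL)
_ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"')

SAMPLE_NAMED_CONF = """\
options { directory "/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { none; };   // nested braces must not end the zone early
};
zone "1.168.192.in-addr.arpa" { type master; file "db.192.168.1"; };
"""  # constructed sample, not a real server's configuration

def iter_zone_blocks(named_conf_text):
    """Yield (zone name, block body) for every zone statement, honouring nested
    braces such as allow-update { none; }; inside the zone block."""
    text = _COMMENT_RE.sub("", named_conf_text)
    for m in _ZONE_RE.finditer(text):
        start = text.find("{", m.end())
        if start < 0:
            continue
        depth = 0
        for j in range(start, len(text)):
            if text[j] == "{":
                depth += 1
            elif text[j] == "}":
                depth -= 1
                if depth == 0:
                    yield m.group(1).lower(), text[start + 1:j]
                    break

def parse_zones(named_conf_text):
    """Map zone name -> {"type": ..., "file": ...} (None when the option is absent)."""
    zones = {}
    for name, body in iter_zone_blocks(named_conf_text):
        t = re.search(r"\btype\s+(\w+)\s*;", body)
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        zones[name] = {"type": t.group(1) if t else None,
                       "file": f.group(1) if f else None}
    return zones

def missing_zone_files(named_conf_text, named_dir="/var/named", exists=os.path.isfile):
    """Zones whose file is not present under named_dir (absolute paths are used as-is).
    `exists` is injectable so the check can be run against a constructed file set."""
    missing = []
    for name, info in parse_zones(named_conf_text).items():
        if info["file"] is None:
            continue
        path = info["file"] if os.path.isabs(info["file"]) else os.path.join(named_dir, info["file"])
        if not exists(path):
            missing.append(name)
    return sorted(missing)

def zones_not_migrated(leopard_conf_text, snow_leopard_conf_text):
    """Zone names defined on the Leopard server that the Snow Leopard config lacks."""
    return sorted(set(parse_zones(leopard_conf_text)) - set(parse_zones(snow_leopard_conf_text)))

if __name__ == "__main__":
    print("zones:", sorted(parse_zones(SAMPLE_NAMED_CONF)))
    print("missing zone files:", missing_zone_files(SAMPLE_NAMED_CONF))
```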


Fixing Broken dyld Cache

Posted: October 28th, 2009 | Author: | Filed under: Snow Leopard | No Comments »

If you get an error similar to

10/28/09 10:52:04 AM com.apple.fontd[423] dyld: shared cached file was build against a different libSystem.dylib, ignoring cache

then you need to execute the following command:

sudo update_dyld_shared_cache


Prospective Clients

Posted: October 23rd, 2009 | Author: | Filed under: Insight, Work | No Comments »

Steps to meeting a prospective client.

The problem with being any sort of independent contractor is the amount of time you waste meeting clients who aren’t worth the air they’re using to speak. I’ve met my fair share of talk-is-cheap “business” people in my day and I can tell you with no uncertainty that you want to stay as far away from these people as possible. If they even show up to the meeting in the first place, they do nothing but ask probing questions and try to sucker you into doing free labour. One client I had recently wanted me to not only network his office but also create a network topology for his product, deployed on a nation-wide basis, on spec. I have one word for dealing with this type of people. Run.

First, when you are introduced to a prospective client, or when one contacts you and requests a business meeting, there are a few things that must be done right away. Describe to them exactly what you do and what you do not do. This is important for people like myself; most of my clients do not understand the difference between a network engineer and a developer. That way you don’t get halfway through a meeting only to find out that they’re looking for a helicopter pilot and you’re an airplane pilot. In my own case, I have a great network of other independents like myself whom I sub-contract to on a frequent basis. That way I can accept new business that I can’t do myself, contract it out, and act as a liaison.

Second, if they still want to meet, request from them a quarter- to half-page itinerary outlining the topics and objectives for the meeting. The point of this is to force the client to think about what they actually need from you, and to ensure that all their concerns are addressed so that subsequent meetings are not needed. The best part, though, is weeding out the talk-is-cheap people. They usually will not send you an itinerary, but if they do it forces them to stay on topic rather than jumping between questions and topics trying to pull free information from you.

Third, as previously touched on: when meeting the client you want to stay on topic and stick to what was written down in the meeting itinerary. You want to address all of the client’s concerns and questions while staying on topic and at a high level. Remember that the meeting is simply to entice the client to give you the contract, not to lay out the solution to their problem in every detail. Once the client is enticed, ask for a one-page project proposal outlining at a high level what the contract will entail.

Fourth, once you have the project proposal from them you can begin to lay out the approximate cost of the contract and a time budget for when you expect to complete the project, or milestones within the project. This keeps not just you and the client on track, but also sets the expectation of project completion so that 2 weeks in you don’t have the client yelling and demanding it be done immediately. If the goals or tasks of the project change after you have begun work on it, then a new project proposal is to be drawn up and signed off on. I’ve found that some clients will agree to the initial cost of the project, change the amount of work needed halfway through, and still demand the same price tag at the end.

Fifth, you have three choices for pricing: by day, by hour, or by project. Hourly is probably the worst choice as it creates more work and accounting for yourself. By project is a decent choice, but only if you are 100% certain that you can complete the project without unforeseen complications. Otherwise you end up working a lot of extra hours or days without any extra compensation. By day is the best choice for me, as most of my projects take on average 1 – 7 days, and since most of the work is remote I don’t have to be trusted to track hours. Clients will usually feel more at ease being charged a lump sum for a day rather than wondering if the contractor is actually working the amount of hours he claims.

These simple steps will hopefully help you weed out the talk-is-cheap business people and at the same time make you seem more professional to legitimate customers.


Automating Snow Leopard Installation

Posted: October 20th, 2009 | Author: | Filed under: Mac OS X Server, Snow Leopard | No Comments »

I administer a small network of about 30 Mac clients and was not looking forward to upgrading them all to Snow Leopard: booting each one off a DVD, running through the wizard that takes forever, and then the first-boot song and dance that I am sure will be playing in the waiting room for Hell. Then the idea hit me to use NetBoot and Apple’s System Image Utility to automate the whole process!

System Image Utility

Apple’s System Image Utility (SIU) comes with the default install of Mac OS X Server. Its purpose is to create images that can be used by the NetBoot server. There are three types of images you can create. NetBoot: allows Macs to boot over the network from a server-based disk image. NetInstall: installs Mac OS X over the network from a hosted disk image. NetRestore: restores a volume over the network from an Apple Software Restore disk image.

We’re going to focus on NetInstall, and more specifically on the customization of these images. First insert your Snow Leopard DVD. Then open the SIU app, click NetInstall and then click Customize. The SIU window will then turn into an Automator workflow and the Automator Library window should appear beside it. You’ll notice in the Library window there are a bunch of “actions.” What I want is a workflow that will format the hard drive, change the default packages to install and then set up a user after the install.

Drag in the Customize Package Selection action and place it in between the two pre-existing actions in your workflow, these being Define Image Source and Create Image. Then expand the arrow beside Mac OS X and select the packages you want to install via the “Default” checkbox. Next drag the Enable Automated Installation action into the workflow and place it between the package selection action and the Create Image action. Here you can choose whether to let the user select the disk to install to, or whether it should automatically install to the disk named (whatever). Finally, add the Add User Account action just before the Create Image action and enter your user’s account credentials. If you need to, you can also add the “Add Package/Post Install Scripts” action to install any custom software or post-install scripts that you need. For myself I used this feature to install the Radmind tools. Before clicking “Run,” make sure your workflow looks something like this:

NetInstall Workflow

NetBoot

Once SIU has finished creating the image, launch Server Admin and enable the NetBoot and DHCP services. Configure DHCP to hand out addresses for your network; if you don’t know how to configure DHCP, please read up at Apple’s website. Start DHCP and then click NetBoot. From here select Settings and then General. Check off the network adapter(s) that you want to use for serving NetBoot. Then select the Images tab, choose the image we just created as the default, and also click the check box labelled Enable. Verify the protocol is set to NFS, click Save and then Start. Note: don’t worry if you don’t have NFS enabled or configured; NetBoot will take care of all of that for you.

Now go to the client that you want to install Mac OS X on and turn it on while holding down the “N” key. From here you can sit back and relax. Automator power!


How-To OpenLDAP, Quick n’ Dirty Edition

Posted: October 20th, 2009 | Author: | Filed under: LDAP | No Comments »

Install Ubuntu Server Edition 8.10, boot it up and install OpenLDAP:

sudo apt-get install slapd ldap-utils

You can probably just accept the defaults if this is just for testing, in which case your domain will be dc=example,dc=com. The install wizard should ask you to set up your LDAP admin user; this user’s DN should be cn=admin,dc=example,dc=com.

Then you’ll need to add two organizational units, one for People and one for Groups. Create the file myldap.ldif and place this into it:

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

If LDAP is running, shut it down with /etc/init.d/slapd stop

Use ldapadd to add the LDIF file to our LDAP database: ldapadd -x -D cn=admin,dc=example,dc=com -W -f myldap.ldif. It will ask you for the password that you set during the install.

Fire LDAP back up with /etc/init.d/slapd start and then install Webmin:

sudo aptitude install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
wget http://garr.dl.sourceforge.net/sourceforge/webadmin/webmin_1.441_all.deb
sudo dpkg -i webmin_1.441_all.deb

You can now navigate to your LDAP server’s IP at port 10000: https://your-server-ip:10000/. Note that you will be required to enter the root password for the computer at this login screen.

From here we need to configure Webmin to interact with our LDAP environment. Expand “System” and then select “LDAP Users and Groups.” Click “Module Config” at the top of the page, find the following options and enter this custom data:

Base for users: ou=People,dc=example,dc=com
Base for groups: ou=Groups,dc=example,dc=com

Click Save at the bottom. You will be returned to the previous screen, where you can now add LDAP users and groups. This is now a functioning LDAP server. You can query it from the command line using ldapsearch (-h takes the server’s hostname; localhost works when run on the server itself):

Whole database: ldapsearch -x -h localhost -b "dc=example,dc=com"
User search: ldapsearch -x -h localhost -b "dc=example,dc=com" '(uid=blah)'


The Importance of Taking Time Off

Posted: October 18th, 2009 | Author: | Filed under: Insight | No Comments »

It is important to take time off for several reasons – to reward, reflect, and recharge. Living a balanced life is extremely important for both your physical and mental health. Working harder and harder will result in being dead before you know it. Working hard and playing harder will enable you to accomplish goals more efficiently, sometimes subconsciously while taking time off!

Rewards are always needed

Reward – you should reward yourself for your hard work. Without some hope of reward, it is difficult to stay motivated. If you set a goal, attach a reward to achieving it. It is a good idea to set the level of the reward relative to how well you achieve the goal: for example, a reward for reaching your goal, a bonus reward if you exceed your goal, and perhaps a consolation reward if you just fall short of reaching your goal but still made progress.

Reflect – without taking time out to reflect, you cannot correct your current course to ensure you are headed in the right direction. It is like wandering off to sea searching for the promised land with a map or compass but being so busy dealing with windstorms and a sinking ship that you never actually have a chance to use the map and compass for guidance. More than ever before, our brains are bombarded with information. So much, in fact, that they cannot process all of it, let alone formulate answers to the problems at hand. By taking time off to reflect, our minds have a chance to process and work through the problems to formulate the answers. It is often while relaxing on the beach sipping a cocktail that we have those “aha” moments.

Recharge – all work and no play wears us out. Just like a car that needs an oil change every 6,000 km, our bodies need to recharge so they can perform at their optimum. If you do nothing but work, soon your body will be like an engine with no oil in it, eventually making metal-on-metal contact until it seizes up and ceases to function. Take time off to recharge and come back stronger than before.

Ironically, it is often during time off that the most is accomplished, albeit behind the scenes. So remember: work hard, play harder. Don’t forget to take time off. In fact, make a point of it and schedule time off. Your body, mind, and financial bottom line will thank you for it.


Zimbra and Open Directory with SSL

Posted: October 17th, 2009 | Author: | Filed under: Collaboration, Zimbra | No Comments »

I have Zimbra Collaboration Suite installed for my personal network at home and wanted to integrate it with Open Directory for authentication purposes. The problem is that Zimbra does not make this easy, especially when dealing with SSL certificates. Here’s what I did, step by step (oooh baby).

Install Zimbra

1. Download and install the Zimbra package.

1.1 Next, verify your DNS is set up correctly. The server you’re installing Zimbra onto must have a DNS record; this record must be the server’s hostname as well as the domain’s MX.

1.2 Then, via SSH, run /opt/zimbra/libexec/zmsetup.pl as root.

1.3 Zimbra will assume that the machine’s hostname is also its TLD, which 99% of the time is not the case. You can enter your TLD when it asks.

2. Enter the admin password (3, 4), enter the license (19), and return (r). If your Zimbra server is installed onto the Open Directory Master or Replica, change the LDAP port to 390 (1, 3). Apply changes (a).

3. Import the Open Directory’s LDAP SSL certificate into Zimbra as a trusted certificate.

  • Copy the appropriate OD SSL cert into the /tmp folder on the Zimbra server. The default cert is located at /etc/certificates/Default.crt.
  • If using a self-signed X.509 cert, the file would be /etc/certs/ca.crt.
  • Once copied, run this command:
    sudo keytool -import -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit -alias LDAPAUTH -file /tmp/Default.crt
  • Erase the cert in /tmp.
  • Restart Zimbra: sudo -u zimbra /opt/zimbra/bin/zmcontrol stop and then start.

4. Navigate to https://servername:7071 in your web browser to enter the Zimbra admin console.

5. Configure Zimbra to use the external LDAP as its domain authentication method.

  • Expand the Domains arrow.
  • Select your domain and click Configure Authentication.
  • Select External LDAP.
  • Enter the IP and select SSL.
  • For the filter enter (&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%u))
  • Enter the LDAP base.
  • We are not using DN/Password; skip this step.
  • Test the configuration using the testuser/password credentials.

6. Configure Zimbra to use the external LDAP GAL.

  • Select Configure GAL.
  • Select External.
  • Server type: LDAP. Enter your Open Directory Master IP and select SSL.
  • For the filter enter (&(|(cn=*%s*)(sn=*%s*)))
  • For autocomplete enter (|(uid=%s*)(givenname=%s*)(mail=%s*))
  • Enter the LDAP base. Note that the auto-populated entry will be for the local LDAP.
  • We are not using DN/Password; skip this step.
  • Leave the GAL sync settings at their defaults (click Next).
  • Test the configuration by searching for a partial match on the user name, i.e. if the username is “testuser”, search for “test”, or for the first or last name of the test user; this data was entered into the Info box in Workgroup Manager.
  • If the test results are successful, click “Finish”.
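The three filters above, evaluated against constructed Open Directory-style records (added example, not code from the original post or from Zimbra): build_filter fills %u / %s the way the admin console would, after RFC 4515 escaping, and a small filter parser shows which records each filter returns.

```python
import re

# Added example, not from the original post: the authentication, GAL and
# autocomplete filters evaluated against constructed stand-ins for Open
# Directory records, with the substituted value RFC 4515-escaped.

AUTH_FILTER = "(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%u))"
GAL_FILTER = "(&(|(cn=*%s*)(sn=*%s*)))"
AUTOCOMPLETE_FILTER = "(|(uid=%s*)(givenname=%s*)(mail=%s*))"

SAMPLE_ENTRIES = [  # constructed; real OD records carry many more attributes
    {"dn": "uid=testuser,cn=users,dc=od,dc=example,dc=com", "uid": "testuser",
     "objectClass": ["inetOrgPerson", "posixAccount"], "cn": "Test User",
     "givenName": "Test", "sn": "User", "mail": "testuser@example.com"},
    {"dn": "uid=jdoe,cn=users,dc=od,dc=example,dc=com", "uid": "jdoe",
     "objectClass": ["inetOrgPerson", "posixAccount"], "cn": "Jane Doe",
     "givenName": "Jane", "sn": "Doe", "mail": "jdoe@example.com"},
    {"dn": "cn=testers,cn=groups,dc=od,dc=example,dc=com", "cn": "testers",
     "objectClass": ["posixGroup"], "memberUid": ["testuser"]},
]

def escape_filter_value(value):
    """RFC 4515 escaping, so the value can only be compared and never alters the filter."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
            .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00"))

def build_filter(template, **subs):
    """Fill %u / %s placeholders (u="name", s="text") with escaped values."""
    for key, value in subs.items():
        template = template.replace("%" + key, escape_filter_value(value))
    return template

def parse_filter(text):
    """Nested tuples: ('&'|'|', [children]) or ('=', attr, pattern); '!' is not needed here."""
    node, end = _parse(text, 0)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node

def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # safe: a ')' inside a value is always written \29
    attr, sep, pattern = s[i:end].partition("=")
    if not attr or not sep:
        raise ValueError(f"bad filter item at offset {i}")
    return ("=", attr.lower(), pattern), end + 1

def _unescape(s):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute names compared case-insensitively)."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(kid, entry) for kid in node[1])
    _, attr, pattern = node
    raw = next((v for k, v in entry.items() if k.lower() == attr), [])
    values = [str(v) for v in (raw if isinstance(raw, list) else [raw])]
    if pattern == "*":  # presence test: (attr=*)
        return bool(values)
    # Unescaped '*' are wildcards; the text between them is matched literally, ignoring case.
    regex = ".*".join(re.escape(_unescape(part)) for part in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in values)

def search(filter_text, entries=SAMPLE_ENTRIES):
    """DNs of the entries the filter matches, in directory order."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in entries if matches(node, e)]
```

Without escaping, a user name of * turns (uid=%u) into a presence test that matches every account; escaped, it matches nothing, which is why the value must never be pasted into the template raw.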
Provisioning Users

For manual batch provisioning of Open Directory users into Zimbra:

  • Enter all the accounts into a text file called userlist.txt with the following structure. Make sure you use the user’s short name for the prefix in their email address:
      ca user1@host.tld ""
      ca user2@host.tld ""
      ca user3@host.tld ""
  • Then feed that text file into the zmprov command as follows:
    • sudo /opt/zimbra/bin/zmprov < userlist.txt

For manually provisioning individual Open Directory users into Zimbra:

  • SSH into the Zimbra server and run:
    • sudo /opt/zimbra/bin/zmprov ca user@domain.tld ""


The Advantages of Volunteering

Posted: October 13th, 2009 | Author: | Filed under: Free Geek, Insight, LDAP, Vancouver, VPN | No Comments »

As I touched on very briefly in one of my previous posts, I volunteer. I volunteer for a non-profit organization by the name of Free Geek. It’s the local chapter here in Vancouver and they have a very simple purpose. Their website states: “Free Geek is a nonprofit community organisation that reduces the environmental impact of waste electronics by reusing and recycling donated technology. Through community engagement we provide education, job skills training, Internet access and free or low cost computers to the public.”

When I first arrived at Free Geek I was amazed at how much computer hardware there actually was, but even MORE amazed the second time I went to see that it had all changed. I mean, all of it. The amount of hardware that flows through their doors is mind-boggling. Immediately I knew this was something I wanted to be a part of. I met one of the founders, Ifny LaChance, and explained my talents and what I could do for them; she hugged me! She explained that Free Geek was desperately in need of a good systems administrator, as their current person could not adequately handle the failing systems. The Free Geek infrastructure suffered from network outages, power outages, overheating and poor performance, and they were all considered part and parcel of the environment. Most of the users had learned to live with it, or to work around the issues.

They use a system called LTSP for all of their public and private workstations. These workstations were at a crawl. The first thing I took care of was all the physical wiring between computers, switches and servers. While pulling cable out I would find the oddest things, like a six-foot Ethernet cable running from a switch to a hub, then from that hub another cable extending about four feet to a switch. This switch was not only connected to three different computers but also plugged back into the same switch that this connection originated from! After the wiring had been taken care of, an 802.1d trunk was introduced between the two main switches and then VLANs were placed on the network to segregate subnets a little better and to give some added security.

Since then I’ve gone on to introduce an OpenLDAP directory system and integrate user authentication for all workstations and switches, created an OpenVPN install, and added services such as SNMP monitoring by way of Zenoss. I am on a never-ending mission to improve the stability and scalability of their infrastructure while only being able to work with recycled hardware and open-source software. It has been a great challenge, but of all the years I have worked with technology I must say that nothing compares with the satisfaction I feel from knowing my hours of labour are enabling an amazing organization to help keep this planet green and give back to the community.

Please visit their website to see how you can help: freegeekvancouver.org


WiFi at Conferences Done Right

Posted: October 10th, 2009 | Author: | Filed under: Insight, Wireless | No Comments »

I hate, HATE, when I go into a conference, large meeting, campus, whatever, and get a WiFi signal but my requests seem to go into the database in the sky. Conferences are notorious for this. They pack a large group of people into a small space with a single wireless access point for them all to share. Or worse, they place multiple access points in the conference hall, all with the same SSID, on the same channel and relatively close to each other. WiFi can support an extremely large number of clients if set up properly. However, you need to take into account that as more and more people come onto your network, each one creates a signal with their laptop or phone and thus interference for the people around them.

First, cell phones. I do not mean WiFi-enabled phones, no; I mean standard cell phones that operate on either side of the WiFi 2.4GHz band. All those cell phones are creating interference at the beginning and end of the WiFi spectrum. With that in mind, we first want to set up an access point in the middle of the spectrum, around channel 6. Most access points have a channel setting feature. However, as more clients join the network, more noise will be placed into that little channel. Most people think that the WiFi access point is just overloaded, and so they add another access point to the network. This will only ever make the problem worse. The problem is not bandwidth. Say it with me now: the problem is NOT bandwidth! The problem is the signal-to-noise ratio.

When Signal met Noise

The signal-to-noise ratio is the ratio of the signal power to the power of the noise corrupting it. A ratio higher than 1:1 indicates more signal than noise. You will notice that higher data rates like 54Mbps drop off quickly the further you move away from the access point. A lot of people then try increasing the transmission power to allow the signal to travel further, but this just introduces more noise and thus leaves the same SNR. The SNR dictates which data rates can be used in a wireless network. As data rates get higher, more complex methods are used for transmission, and those require a much higher SNR to properly decode the signal back into the data stream on the receiving side.

Introducing Multiple Access Points

As I previously mentioned, you want to set up your access point around channel 6; for the sake of specificity let’s say channel 6. But once there are 25 people or so using this one channel it will be saturated and the SNR is going to go way down, thus reducing the data rates for your clients. Therefore adding another access point on this same channel is not the answer; instead you want to add access points two channels away from 6, one at 4 and perhaps another at 8. Give them different SSIDs so clients can pick and choose which one to use, and name them based on the geography in which they lie. Names such as “Access Point 1” are not a good idea; a name like “South Wall AP” or “Stage Left AP” is. That way the user can figure out which AP is closest to them, thus ensuring maximum data rates.


Location, Location, Location

As previously mentioned, you’ll want to name your access points after where they physically lie. You also need to think about electric and magnetic interference. For example, placing an access point in the ceiling directly beside a 3x20A conduit is probably not a good idea. Neither is putting it on top of a microwave or fridge. Give the access points ample space between them and, finally, try to get better antennas than the stock ones.

With these tips you’ll be able to support a large number of people in the same location with ease and without frustrating the hell out of the conference attendees.