Posted: April 6th, 2017 | Author: jordan | Filed under: Linux, Work | No Comments »
Recently I was lucky enough to be a crew member on a sailboat that was making passage through the Caribbean. The captain of the vessel, who lived aboard, was speaking to me about data storage and how difficult an equation it was. Sailboats have very little power available to them when they’re underway, as most don’t run their engine, which is the only source for charging the limited batteries kept onboard. He was thinking about picking up a Drobo-Mini and using SSDs to reduce the draw on his system; however, that solution is DAS based and doesn’t give him access to the data unless he plugs directly into the box, which means you need a computer as well, and that is even more draw on the electrical system.
After a quick think and a look around the Internet I decided that the best way to address this issue would be to use a Raspberry Pi 3, a four port USB hub, multi-SD card reader, and mdadm, with smb, nfs, and upnp. I’m not going to go into the nitty gritty of how to setup a raspberry pi as there are many tutorials available online already. However I will touch on some performance metrics that I was able to pull.
It’ll be small physically and have very little power draw: each microSD card draws between 66–330 mW during data transfer and 0.2mA at idle. Each bank will be less than 1mA at idle and 1.2W during transfer. Each bank should yield close to 800GB; all together I’ve calculated 3.2TB of data storage at 6-8W. Pretty dope hey?
The issue is cost. Prices in CAD:
Raspberry Pi $60
case and parts $20
USB Hub $26
total: $106 plus tax / shipping
Four card reader $20
200GB microSD card $91 (x4)
800GB bank total $384 plus tax / shipping
Performance will max out at around 40MB/sec, which isn’t great; however, we’re not looking for performance, we’re looking for efficiency.
I welcome comments on this plan below.
My next step to this plan would be to get the Pi to be a wireless access point as well.
Posted: April 27th, 2014 | Author: jordan | Filed under: Insight, Mac OS X, Mac OS X Server, Work | No Comments »
I’m an Apple consultant. I help small businesses who want nothing to do with the decision making aspect of technology. Planning, budgeting, procurement, deployment, support, deprecation, and recycling. Out of all these contexts no task is more challenging than workstations.
For those who are in the field, you know what I’m talking about. You get a new customer, they have workstations… some are new, some are old, some have MacKeeper, the bastard ones are carrying old migrated home folders that originated from 10.4 and a Cisco VPN kext. Some have 16 mail accounts filling 70% of the disk but since they’re “disabled” in Mail.app you don’t see them at first. Now you have to dig to find out where the space is. Do this across 10 – 50 workstations and you will soon realize why I went bald early.
I needed a quick and dirty way to get some very specific data out of the machine and into a little text file. Yes, I’m sure there are MDM tools or whatever you might have that will track every widget I don’t care about, but I don’t want that. It’s about workflow: if I don’t get an idea of what I’m stepping into before I step into it, I may find out something nasty far too late. In other words, I wouldn’t deploy an MDM before getting an idea of what’s going on.
Introducing sysAudit.sh: feel free to download here
usage: sysAudit.sh -c <client name> -s <ftp server> -u <username> [-p <password>]
-c unique identifier for audit, a folder of this name will be made on your ftp server
-s ftp server fqdn/path sans protocol ie: mybigfat.ftpserver.com
-u username to connect to ftp server
-p password for username, will prompt if none given
Requires root privileges to successfully deduce all features
Once I begin relations with a new customer I immediately gain admin access to all their machines. After placing the script somewhere on the web I can then push it out through ARD with a command something like this:
curl -o /tmp/sysAudit.sh http://www.copiousit.com/sysAudit.sh; chmod +x /tmp/sysAudit.sh; /tmp/sysAudit.sh -c clientname -s ftp.server.com -u ftpuser -p "ftpuserpass"
I also have it wrapped in AppleScript so that I can send it over email to any remote machines, usually along with a Meraki MDM as well. Just place this code into Script Editor, then save it as an application, and place sysAudit.sh inside the package of the AppleScript app.
## change the switch arguments!
-- path to the saved applet bundle, as a classic Mac path
set path_ to (path to me as string)
-- same path in POSIX form; sysAudit.sh sits inside this bundle
set p to POSIX path of path_
-- quoted form protects against spaces in the bundle path
do shell script (quoted form of (p & "/sysAudit.sh")) & " -c clientname -s ftp.server.com -u ftpuser -p 'ftpuserpass'" with administrator privileges
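The ARD one-liner above fetches sysAudit.sh over plain HTTP and executes it as root, so the check a practitioner would add is to pin the script’s SHA-256 and refuse to run it when the digest does not match. The following is an added example, not part of sysAudit.sh or the AppleScript wrapper; the URL and the expected hash in the usage comment are placeholders, and the helper names are my own.

```shell
#!/bin/sh
# Added example: verify a downloaded script against a pinned SHA-256 before
# executing it. Not part of sysAudit.sh; URL and hash below are placeholders.

# Print the SHA-256 of a file, using whichever tool the host has
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 when the file's digest equals the expected digest
# (hex case is ignored), non-zero otherwise.
sha256_matches() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download to a private temp file, verify, then execute with the audit
# switches. On a mismatch the download is deleted and nothing is run.
fetch_verify_run() {
    url=$1; expected=$2; shift 2
    tmp=$(mktemp /tmp/sysAudit.XXXXXX) || return 1
    curl -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    if ! sha256_matches "$tmp" "$expected"; then
        echo "sysAudit.sh digest mismatch; not executing" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 700 "$tmp"
    "$tmp" "$@"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (placeholder URL and hash; keep the same -c/-s/-u/-p switches):
# fetch_verify_run "https://example.invalid/sysAudit.sh" \
#   "0000000000000000000000000000000000000000000000000000000000000000" \
#   -c clientname -s ftp.server.com -u ftpuser -p 'ftpuserpass'
```

The expected digest is computed once on the copy you published and pasted into the ARD command; if the hosted file is ever changed or replaced, every workstation stops at the mismatch instead of running the altered script as root.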
Posted: February 27th, 2013 | Author: jordan | Filed under: Blog, DNS, Kerberos, krb5, LDAP, Linux, Networking, Work, Zentyal | 4 Comments »
Get a terminal session on your Zentyal box and install the VNC service
sudo apt-get install vnc4server
Next, run the server once to initialize its config file, then kill that session, back up the generated xstartup and edit it:
vncserver
vncserver -kill :1
cp .vnc/xstartup .vnc/xstartup.bak
Uncomment one line and add another:
# Uncomment the following two lines for normal desktop:
# exec /etc/X11/xinit/xinitrc
/usr/bin/lxsession -s LXDE -e LXDE
Then just launch it again:
vncserver
Watch the output so you know which port to connect to: the display number after the colon is added to 5900, so display :1 is port 5901. For example, the following output means my VNC server is listening on port 5901:
New 'mrsparkle:1 (jordan)' desktop is mrsparkle:1
Starting applications specified in /home/jordan/.vnc/xstartup
Log file is /home/jordan/.vnc/mrsparkle:1.log
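VNC traffic from vnc4server is not encrypted, so the usual practice is to reach port 5901 only through an SSH tunnel rather than exposing it on the network. The snippet below is an added example, not from the original post: it derives the port from the startup line shown above and prints the matching ssh forward. The function names are my own, and it assumes the Xvnc build accepts the -localhost option mentioned in the usage note.

```shell
#!/bin/sh
# Added example: compute the VNC port from vncserver's startup line and
# build the ssh port-forward that keeps the session off the open network.

# Extract the display number from a line such as
#   New 'mrsparkle:1 (jordan)' desktop is mrsparkle:1
# and print 5900 + display, the TCP port that Xvnc listens on.
# Returns 1 (prints nothing) for any other line.
vnc_port_from_output() {
    display=$(printf '%s\n' "$1" | sed -n "s/^New '.*' desktop is [^:]*:\([0-9][0-9]*\)$/\1/p")
    [ -n "$display" ] || return 1
    echo $((5900 + display))
}

# Print the ssh command that forwards the same port on the client to the
# VNC listener on the server's loopback interface.
vnc_tunnel_command() {
    user=$1; host=$2; port=$3
    echo "ssh -N -L ${port}:127.0.0.1:${port} ${user}@${host}"
}

# Usage: feed the "New ... desktop is ..." line from vncserver's output.
# port=$(vnc_port_from_output "New 'mrsparkle:1 (jordan)' desktop is mrsparkle:1")
# vnc_tunnel_command jordan mrsparkle "$port"
# then point the VNC viewer at localhost:$port
```

Start the server with `vncserver -localhost` so that Xvnc only accepts connections arriving on loopback; with the tunnel in place the viewer connects to `localhost:5901` on the client and the VNC session never crosses the network in the clear.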
Posted: August 24th, 2010 | Author: jordan | Filed under: Active Directory, Mac OS X Server, Snow Leopard, Work | Tags: Active, Active Directory, Directory, Home Directories, Open, Open Directory, SMB, Windows File Server | 1 Comment »
Recently I was hired to give my opinion about merging an existing Macintosh Open Directory (OD) network into a Windows Active Directory (AD) network. This was being done because Company A merged with Company B, and Company B, being more powerful and larger, wanted to stay with their AD infrastructure. My opinion was to move to a “Magic Triangle” setup where an OD server is bound to an AD Domain Controller (DC). The users and groups are managed by Active Directory; however, the Mac clients are bound to both AD and OD so that MCX records can be handed out to users, groups, and computers. I wrote this how-to because no matter how much documentation I read I have not been able to find some of the key pieces of information I needed to accomplish this goal. On a side note, I would like to give a big hello to Alper Bac, current Systems Administrator of Cohos Evamy, for his invaluable help in solving some of the AD configuration issues we were having.
On the Mac Server 10.6
Step 1: Check the Active Directory configuration.
Make sure your Active Directory server and its DNS service is properly configured and running.
Step 2: Turn on Open Directory service.
Use Server Admin to turn the Open Directory service on. After the service is turned on you can configure Open Directory service settings.
Step 3: Ensure the computer is a standalone directory service.
Step 4: Connect to Active Directory.
- Go to Server Admin, Open Directory.
- Click Settings button at top, then the General tab. The window should report that its role is “Standalone Directory.” If this is correct you can now click change, otherwise go to Step 3.
- In the pop-up dialogue choose “Connect to another Directory”
- Then Continue, and click “Open Directory Utility”
- The Directory Utility application will appear. If it is locked please unlock it.
- Ensure that “Active Directory” is unchecked
- Double click “Active Directory”
- Type in your domain and expand the arrow beside “Show Advanced Options”
- Ensure that “Create mobile account at login” and “Force Local home directory on startup disk” are unchecked. Then click OK
- Quit Directory Utility
- Back in the Open Directory Wizard box click Done
- Open System Preferences and go to Accounts
- Click on Login Options and Click “Join”
- Type the name of the Active Directory Domain Controller (DC) where it says “Server:” as well as the AD admin user/password credentials in the appropriate boxes. Also give the computer a record name. This name will be the computer record that is created in Active Directory.
- Once joined the Mac will ask about Kerberos. Just ignore this for now.
Step 5: Set up an Open Directory master.
- Go to Server Admin, Open Directory
- Click the Settings button at top, then the General tab. The window should report that its role is “Connected to another directory.” If this is correct you can now click Change, otherwise go to Step 4.
- Choose the first option “Remain connected and set up an Open Directory Master”
- If it complains about Kerberos just ignore this again.
- Setup the diradmin account. Give it a secure password as this is our Directory Administrator account.
- Now type in a relevant LDAP Search Base. If you don’t know what should go here just click continue. However if you don’t know what goes here yet you’re trying to integrate a Mac into AD I must say that you may be in over your head. 😉
- Confirm your settings and click continue.
- Now in Server Admin we want to set a policy under Open Directory. So click on Policies tab and then Bindings subtab and enable the “Require authenticated binding….” check box.
Step 6: Disable Kerberos on Open Directory master.
Disable Kerberos on your Open Directory Master server to avoid conflicts with your Active Directory Kerberos realm. In a terminal type: (use the diradmin credentials)
sudo sso_util remove -k -a username -p password -r NAME.OF.KERBEROSREALM
Step 7: Kerberize services.
Kerberize your Open Directory server services with the Kerberos realm of your Active Directory server, in a terminal type:
sudo dsconfigad -enablesso
On the Windows Server 2003
What we need to do is assign a home folder to an existing user account. So let’s grab the user account “Test” and map a home folder to it.
- Go to Start, Administrative Tool, Active Directory Users and Computers
- Right click domain name and search for users
- Open Properties and then profile tab
- Click the “home folder” radio button and select an unused drive letter. For our example it will be “Z:” and then enter beside it the Windows File server fqdn in this format. \\fqdn\share\username
- Once you accept, Windows will go and create this folder and assign all the appropriate ACLs
On the Mac Client 10.5
What we need to do on the Mac client is bind it to both AD and OD.
- Log in as the local admin user
- Open Applications/Utilities/Directory Utility.app
- Click on “Services” and then double click “Active Directory”
- Expand the Show Advanced Options arrow and disable “Force local home directory on startup disk”
- Now click on “Directory Servers” and click on “+”
- From the drop down select “Active Directory” and type the name of the DC
- Enter the computer ID and AD username/password and click join.
- If this fails then try clicking on Services and double click on Active Directory
- Type in the domain and client ID here and click “Bind”
- Open Applications/Utilities/Directory Utility.app
- Click “+” and select “Open Directory” from the drop down menu
- Type in the name of the ODM
- The computer should ask you for the OD diradmin password and client ID. Type in the same ID as you did for the Windows box (for consistency’s sake)
Now you should have two directory servers listed in the Directory Utility both with green lights.
You should now have a working Magic Triangle. The user and group accounts come from Active Directory and their home folders come from the Windows file server in the back end. We can now use WGM to introduce things like Portable Home Directories and MCX records. Yay!
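Both the server steps (Step 4) and the client steps rely on “Force local home directory on startup disk” being turned off and on the machine being bound to the right AD domain; if either is wrong the network home is silently ignored. The script below is an added example, not part of the original how-to, that checks those two settings from `dsconfigad -show` output. The sample output embedded in it is constructed to resemble what that command prints and is labelled as such; the helper names are my own, and the realm helper simply upper-cases the domain name, which is the value the sso_util step above takes for -r.

```shell
#!/bin/sh
# Added example: verify a Mac's Active Directory binding against what the
# Magic Triangle setup requires. SAMPLE_DSCONFIGAD_SHOW is a constructed
# stand-in for `dsconfigad -show`; on a real client use out=$(dsconfigad -show).

SAMPLE_DSCONFIGAD_SHOW='You are bound to Active Directory:
    Active Directory Forest          = example.local
    Active Directory Domain          = example.local
    Computer Account                 = mac-client$

Advanced Options - User Experience
    Create mobile account at login   = Disabled
    Require confirmation             = Disabled
    Force home to startup disk       = Enabled
    Mount home as sharepoint         = Enabled
    Use Windows UNC path for home    = Enabled
    Network protocol to be used      = smb
    Default user Shell               = /bin/bash'

# Print the value of one "key = value" line from dsconfigad -show output.
# $1 = key name, $2 = the full output text.
ad_setting() {
    printf '%s\n' "$2" | awk -F' = ' -v key="$1" '
        { k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k);
          if (k == key) { print $2; exit } }'
}

# The Kerberos realm for an AD domain is the domain name in upper case;
# this is the value passed to sso_util remove -r.
kerberos_realm_for_domain() {
    printf '%s\n' "$1" | tr 'a-z' 'A-Z'
}

# Return 0 when the client is bound to the expected domain and
# "Force home to startup disk" is disabled; otherwise print each
# problem found and return 1.
check_triangle_client() {
    expected_domain=$1; out=$2; problems=0
    domain=$(ad_setting "Active Directory Domain" "$out")
    if [ "$domain" != "$expected_domain" ]; then
        echo "bound to '$domain', expected '$expected_domain'"
        problems=$((problems + 1))
    fi
    if [ "$(ad_setting "Force home to startup disk" "$out")" != "Disabled" ]; then
        echo "Force home to startup disk is still enabled; the AD home folder will not be used"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage against the constructed sample (reports the enabled force-home setting):
# check_triangle_client example.local "$SAMPLE_DSCONFIGAD_SHOW"
```

Run the check on each client after binding (and on the OD master after Step 4); a client that passes it but still gets a local home is then worth examining on the Windows side, where the profile tab’s home folder path must be in the \\fqdn\share\username form described above.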
Portable Home Directories
- Open WGM (WorkGroup Manager) and authenticate as diradmin
- Create a new group called “Mobility” we’re going to use this group to designate PHD users.
- Under the members tab click on the Plus sign, a side bar should appear.
- At the top of the side bar will be a text string like “Directory: /LDAPv3/127.0.0.1” click on this and change it to “/Active Directory/All Domains”
- Wait up to a couple of minutes and you will start to see users from Active Directory appear. You can drag these users into the members pane of WGM. AFAIK you can also embed AD groups, although I’ve never tried this.
- Now we have an OD group with an AD user member as well as a computer record from the mac client.
- Let’s click on Preferences for the mobility group and then click on “Mobility” under Overview tab.
- Under the account creation tab click on “Always” and check “Create mobile account when user logs into network account”
- Then click on rules tab and select always for all three subtabs yet leave their default values. Except for checking on “Show status in menu bar” under “options” sub tab
- Now try logging in with your AD account again and watch as the mac creates you a PHD and enables the HomeSync menu.
If you have problems with this process then feel free to leave a comment with some contact info and I’ll try to get back to you and help. I’ll have another post coming up for you Windows sysadmins on how to easily manage your Mac clients with Group Policy. If you would like me to help you directly then please refer to my company website and use our contact form.
Update: Please check out next post regarding the deployment of this solution: http://jordaneunson.com/2010/10/apple-magic-triangle-deployment-results/
Update #2: I had a reader have trouble with the above procedure; we communicated for a while about his setup here: http://www.edugeek.net/forums/mac/72958-magic-triangle-permissions.html
Posted: January 13th, 2010 | Author: jordan | Filed under: Insight, Work | No Comments »
So if you’ve been reading my blog you’ll know that a couple of months ago I quit my 9-5 job. Since then, to be honest, I haven’t done much in the way of systems administration. I’ve had a couple of contracts here and there but nothing really big. I tell you what, the skills dull quickly! I sat down the other day to help a friend with a pretty simple problem. He had 10.5 OS X Server and wanted to extend his LDAP schema…. I couldn’t remember how to do it! Or just little things, mostly in bash, like how to tell processes to stfu. Don’t get me wrong, I know how to do it, it’s just not coming to me as quickly as I would like.
To any sysadmins out there thinking about quitting, make a list of things you think are cool and don’t want to forget. Cause soon after your notice, there won’t be anything upstairs! 😉
Posted: November 5th, 2009 | Author: jordan | Filed under: Insight, Work | No Comments »
I quit my job. It was a big step…. no, it was a huge step towards where I actually want to be in life. I wasn’t happy working a 9-5 day in and day out. I think it has something to do with that salary slave (being paid one flat rate for all my professional services) feeling. That did not jive with how I wanted to live.
However, this newfound freedom and choice of working for myself comes with a price: finding funding. Thankfully my first few months have been funded by some smart decisions on my part as well as a person who has a lot of faith in me. You know who you are. My concern actually lies in my next round, which will need to be quite substantial comparatively. It’s at this point that I begin to see the similarities between owning a startup and having a sign similar to the one on the left. You see, when I had a full time position I was taken care of; in fact the company that I used to work for took care of me and all its employees so well that it was a very difficult decision to leave. When I walked out for the last time and saw that door close behind me the first thing that raced through my mind was: “did I do the right thing?” “Did I just totally screw myself over?” “Can I do this?” For you see, now I have no extended medical, no extended dental, no automatic payment system into my bank account and worst of all no one to blame except myself. This is the price that I have to pay. The sacrifice of that umbilical cord, that lifeline. My cash flow will no longer come via automatically deposited, semi-monthly payments. Instead it will come by means of investors and angels.
It’s a big leap of faith on my part to go after what I dream and at the end of day I feel happier and more fulfilled. I’m sure it will be a big challenge and a huge adventure, and really why wouldn’t I go for it? As Seth Godin pointed out to me in Tribes, it was the fear of the possibility of failure that was holding me back. Once I wrapped my head around that, I quit.
Posted: October 29th, 2009 | Author: jordan | Filed under: Insight, Work | No Comments »
Force a person to perform an action or accomplish a goal and they will do the absolute minimum.
Allow the same person the choice to accomplish the goal and they will not only accomplish it but go above and beyond the requirements.
I recently learned this while looking over different corporate policies. Companies without vacation policies didn’t worry about employees taking time off near a big deadline; they allowed their employees the choice — if taking time off before a deadline would be wise or not. That choice, that freedom, which the employee can feel, is so important to a company and to a company’s corporate culture. Without choice your workers will feel as just that, workers. Drones. Slaves.
Slaves have no choice, no freedom. They do what they are told or suffer the consequences.
For employees the consequence may be getting “written up” or perhaps even let go. Of course, this will only motivate an employee to work the bare minimum. Consider the following situation, and again I’m going to use a vacation policy as an example: Bob wants to take time off work, however the dates he originally selected are days before a large deadline. Bob says to himself, ‘those two days I booked off are coming up but I can’t go because the vacation policy mandates that I can’t.’ Now, what if Bob thought the following instead: I want to take those two days off but I won’t because that big deadline is coming up. Instead I will take time off the next week. See the difference? It’s can’t versus won’t.
Bob made a choice to move his personal time off around for his company. He wasn’t forced. He chose to. This gives Bob a sense of pride in his work and, by not being forced to move his vacation due to some esoteric policy, by allowing him choice, he has no reason to resent the company.
Same can be said for working from home, taking sick days, whatever.
The more policies you put in place at a company the stricter you make it and therefore the less choice you allow your employees to make for themselves. When your employees are given “The Choice,” then they are choosing to not only do their job, but also to follow a company. Contrast that with being forced by corporate policy; the employees will drag their heels because they know they have no alternative. They are slaves. No choice.
If you want your employees to feel empowered, if you want them to be more productive, then allow them the choice to be productive.
Posted: October 23rd, 2009 | Author: jordan | Filed under: Insight, Work | No Comments »
Steps to meeting a prospective client.
The problem with being any sort of independent contractor is the amount of time you waste meeting clients who aren’t worth the air they’re using to speak. I’ve met my fair share of talk-is-cheap “business” people in my day and I can tell you with no uncertainty that you want to try and stay as far away from these people as possible. If they even show up to the meeting in the first place, they do nothing but ask probing questions and try to sucker you into doing free labour. One client I had recently wanted me to not only network his office but also create a network topology for his product deployed on a nation-wide basis, on spec. I have one word for dealing with this type of person. Run.
To begin, when you are introduced to a prospective client, or when one contacts you and requests a business meeting, there are a few things that must be done right away. First, describe to them exactly what you do and what you do not do. This is important for people like myself; most of my clients do not understand the difference between a network engineer and a developer. That way you don’t get halfway through a meeting only to find out that they’re looking for a helicopter pilot and you’re an airplane pilot. However, in my own case, I have a great network of other independents like myself whom I sub-contract to on a frequent basis. That way I can accept new business that I can’t do myself and contract it out, acting as a liaison.
Second, if they still want to meet, request from them a quarter to half page itinerary outlining the topics and objectives for the meeting. The good thing about doing this is that it forces the client into thinking about what they actually need from you, and ensures that all their concerns are addressed so that subsequent meetings are not needed. The best part of this though is weeding out the talk-is-cheap people. They usually will not send you an itinerary, but if they do it forces them to stay on topic rather than jumping to different questions and topics trying to pull free info from you.
Third, as previously touched on: when meeting the client you want to stay on topic and on what was written down in the meeting itinerary. You want to address all of the client’s concerns and questions while staying on topic and at a high level. Remember that the meeting is simply to entice the client to give you the contract, not to lay out in every detail the solution to their problem. Once the client is enticed, ask for a one page project proposal outlining at a high level what it is that the contract will entail.
Fourth, once you have the project proposal from them you can begin to lay out the approximate cost of the contract and a time budget for when you expect to complete the project, or milestones within the project. This keeps not just you and the client on track, but also sets the expectation of project completion so that 2 weeks in you don’t have the client yelling and demanding it be done immediately. If the goals or tasks of the project change after you have begun work on it, then a new project proposal is to be drawn up and signed off on. I’ve found that some clients will agree to initial cost of the project, change the amount of work needed halfway through, and still demand the same price tag at the end.
Fifth, you have three choices for pricing: by day, by hour, or by project. Hourly is probably the worst choice as it creates more work and accounting for yourself. By project is a decent choice but only if you are 100% certain that you can complete the project without unforeseen complications. Otherwise you end up working a lot of extra hours or days without any extra compensation. By day is the best choice for me as most of my projects take on average 1 – 7 days, and since most of the work is remote I don’t have to be trusted to track hours. Clients will usually feel more at ease being charged a lump sum for a day rather than wondering if the contractor is actually working the amount of hours he claims.
These simple steps will hopefully help you weed out the talk-is-cheap business people and at the same time seem more professional to legitimate customers.
Posted: September 30th, 2009 | Author: jordan | Filed under: Work | No Comments »
This whole H1N1 thing has really put a damper on day to day activities. Just being able to have a social life of any kind is out of the question. I was at SuperStore the other day getting some pills when I ran into a friend’s sister; without thinking I shook her hand, only to retract it with an immediate sense that I had done something wrong. I looked her square in the face and said “I have to go now.” Thankfully a quick text message to her brother and she was informed of her impending doom. I hope she is well.
Not being allowed to go to work has been strange. Of course I don’t mind being there while I’m sick but I’m sure my co-workers would have something to say about it. As strange as it has been, I’ve actually found myself quite productive in this satellite state. It’s as if the restrictions have been lifted and I’m free to go about working on things as I please. For example, today I delved into the inner workings of cloud computing and the competitive pricing models that are currently available, all the while building Linux compute node images and migrating them to the Amazon EC2 cloud. Although I did happen to lose some hair while dealing with NFS. Which was OK considering I’m isolated anyways and therefore have no one to see my hair loss. I did however get an absolutely retarded picture of my mates chilling at the pub and holding a glass up in honour of my absence. Thank God for iPhones.