• Apple 10.6.5 update Failure (Fix)

    I have been pulling my hair out trying to get 10.6.5 to install on a particular macbook and kept getting this error with software udpate…
    “An Installation error occurred.”
    …and then I would have to reboot.

    or this one with the Full Combo update package…
    “The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.”

    The fix was to set the max file limit to 10000. This appears to have be adjusted by the Smart Board software that is installed on the laptop. This is all I had to run in the terminal…

    sudo sysctl -w kern.maxfiles=10000
    sudo sysctl -w kern.maxfilesperproc=10000

    The second one actually showed a schange from 2000 to 10000.
    I re-ran the Combo Update and had no problems with the install.

    I gleaned this from reading a few thread on Apple Support and actually found the fix here…
    http://discussions.apple.com/thread.jspa?threadID=2468522&tstart=0

    So, if you have “Smart” software installed and cannot install this update this might help.

     


  • Deploy Adobe Flash 10.1x with ARD-2

    By crmanski

    For some reason unbeknownst to myself Adobe decided to stop releasing flash player for Macintosh as a package sometime this summer. This is very inconvenient when trying to deploy the player on multiple machines in order to push patches to security holes in their software. With a little poking around I found that the package is in the download you just need to extract it. To do so…

    1. Download the player from Adobe’s site
    2. CTRL-Click on the file and choose show package contents
    3. Open the “Contents” folder and then the “Resources” folder. Inside you will see a files called “Adobe Flash Player.pkg”
    4. Drag/Drop or copy that package somewhere and use that to deploy the player with Apple Remote Desktop


  • Deploy Adobe Flash 10.1x with ARD

    For some reason unbeknownst to myself Adobe decided to stop releasing flash player for Macintosh as a package sometime this summer. This is very inconvenient when trying to deploy the player on multiple machines in order to push patches to security holes in their software. With a little poking around I found that the package is in the download you just need to extract it. To do so…

    1. Download the player from Adobe’s site
    2. CTRL-Click on the file and choose show package contents
    3. Open the “Contents” folder and then the “Resources” folder. Inside you will see a files called “Adobe Flash Player.pkg”
    4. Drag/Drop or copy that package somewhere and use that to deploy the player with Apple Remote Desktop

     


  • Silent Remote Installation of Mozilla Firefox 3.x-2

    By crmanski

    This is an example of how to deploy firefox remotely to your windows based domain client machines using psexec with proxy settings. First you need to download the latest 7-zip from here: www.7-zip.org after you have that installed find your firefox installer package. As of this articles writing the name of this file was “Firefox Setup 3.6.4.exe”. Right-click on it and choose the menu item under 7 zip called: Extract to Firefox Setup 3.6.4″

    Once the package unzips go into the directory called Firefox Setup 3.6.4 and have a look around.

    Home Page Setup:

    The first folder is called “localized” open the file called “browserconfig.properties” with wordpad and edit the urls to reflect the homepage that you want your clients to have. In my case the file looked like this when I was done…

    browser.startup.homepage=http://szone.berlinwall.org
    browser.startup.homepage_reset=http://szone.berlinwall.org

    There is also a prefs.js file in the localizeddefaultsprofile directory. You can add entries here is you like and they will be the default preferences. Having a look at about:config will give an idea of options that you can set: http://www.mozilla.org/support/firefox/edit#aboutconfig

    Proxy Settings:

    The proxy settings can be set in all.js file found in the nonlocalizedgreprefs folder. Search for the phrase proxy.type to jump to the part we are looking for. By default the value is 0 (no proxy). Setting the value to 1 will enable the proxy. If you have auto detection setup on your network you can use 4. Firefox 3 added the option of 5, which will use your “system” proxyIf your proxy was 192.168.1.1:8080 then you would make the file look like this…

    pref(“network.proxy.type”, 1);
    pref(“network.proxy.ftp”, “192.168.1.1”);
    pref(“network.proxy.ftp_port”, 8080);
    pref(“network.proxy.gopher”, “192.168.1.1”);
    pref(“network.proxy.gopher_port”, 8080);
    pref(“network.proxy.http”, “192.168.1.1”);
    pref(“network.proxy.http_port”, 8080);
    pref(“network.proxy.ssl”, “192.168.1.1”);
    pref(“network.proxy.ssl_port”, 8080);
    pref(“network.proxy.socks”, “192.168.1.1”);
    pref(“network.proxy.socks_port”, 1080);
    pref(“network.proxy.socks_version”, 5);
    pref(“network.proxy.socks_remote_dns”, false);
    pref(“network.proxy.no_proxies_on”, “localhost, 127.0.0.1,.192.168.1.1 , yourlocalserver.com”);

    There are a lot other settings in this file. Take a long look at it and make any changes you would like.

    Disabling Suggested Searches

    If you do not want hundreds of queries for search suggestions every time a single letter is typed in the search bar then open this file: nonlocalizeddefaultspreffirefox.js and search for “suggest”. You should find: pref(“browser.search.suggest.enabled”, true);

    Change it to: pref(“browser.search.suggest.enabled”, false);

    Disabling Application Updates

    When installing Firefox in an enterprise setting you do not want it to look for updates when a regular/non-admin user is logged on (You don’t let your users logon with administrators accounts do you?). In the firefox.js there is a line that looks like this: pref(“app.update.enabled”, true); Change that to: pref(“app.update.enabled”, false); and then your clients will not check for updates automatically.

    There are many other preferences in this file. Take a look at it and make any other changes you like.

    Remote Deployment

    Use the method that I share on this page: http://szone.berlinwall.org/win32/DeployinganInstallationPackagetoMultipleClients

    The batch file for firefox would be a little different than the example in that article. Something like this should work…

    echo “checking for Installers directory on the target…”
    if not exist %1C$installers mkdir %1C$installers
    if not exist %1C$installersfirefox3.6.4 mkdir %1C$installersfirefox3.6.4
    echo “copying Firefox install to install directory…”
    xcopy “MyServerUpdatesfirefox3.6.4*” “%1C$installersfirefox3.6.4” /e /y
    echo “Installing Firefox…”
    psexec.exe %1 “c:installersfirefox3.6.4setup.exe” -ms
    echo “All Done.”

    Credits: http://www.appdeploy.com/packages/detail.asp?id=357 (For the silent install switch)

    Moved Here


  • Silent Remote Installation of Mozilla Firefox 3.x

    This is an example of how to deploy firefox remotely to your windows based domain client machines using psexec with proxy settings. First you need to download the latest 7-zip from here: www.7-zip.org after you have that installed find your firefox installer package. As of this articles writing the name of this file was “Firefox Setup 3.6.4.exe”. Right-click on it and choose the menu item under 7 zip called: Extract to Firefox Setup 3.6.4″

    Once the package unzips go into the directory called Firefox Setup 3.6.4 and have a look around.

    Home Page Setup:

    The first folder is called “localized” open the file called “browserconfig.properties” with wordpad and edit the urls to reflect the homepage that you want your clients to have. In my case the file looked like this when I was done…

    browser.startup.homepage=http://szone.berlinwall.org
    browser.startup.homepage_reset=http://szone.berlinwall.org

    There is also a prefs.js file in the localized\defaults\profile directory. You can add entries here is you like and they will be the default preferences. Having a look at about:config will give an idea of options that you can set: http://www.mozilla.org/support/firefox/edit#aboutconfig

     

    Proxy Settings:

    The proxy settings can be set in all.js file found in the \nonlocalized\greprefs folder. Search for the phrase proxy.type to jump to the part we are looking for. By default the value is 0 (no proxy). Setting the value to 1 will enable the proxy. If you have auto detection setup on your network you can use 4. Firefox 3 added the option of 5, which will use your “system” proxyIf your proxy was 192.168.1.1:8080 then you would make the file look like this…

     

    pref(“network.proxy.type”, 1);
    pref(“network.proxy.ftp”, “192.168.1.1”);
    pref(“network.proxy.ftp_port”, 8080);
    pref(“network.proxy.gopher”, “192.168.1.1”);
    pref(“network.proxy.gopher_port”, 8080);
    pref(“network.proxy.http”, “192.168.1.1”);
    pref(“network.proxy.http_port”, 8080);
    pref(“network.proxy.ssl”, “192.168.1.1”);
    pref(“network.proxy.ssl_port”, 8080);
    pref(“network.proxy.socks”, “192.168.1.1”);
    pref(“network.proxy.socks_port”, 1080);
    pref(“network.proxy.socks_version”, 5);
    pref(“network.proxy.socks_remote_dns”, false);
    pref(“network.proxy.no_proxies_on”, “localhost, 127.0.0.1,.192.168.1.1 , yourlocalserver.com”);

     

    There are a lot other settings in this file. Take a long look at it and make any changes you would like.

    Disabling Suggested Searches

    If you do not want hundreds of queries for search suggestions every time a single letter is typed in the search bar then open this file: nonlocalized\defaults\pref\firefox.js and search for “suggest”. You should find: pref(“browser.search.suggest.enabled”, true);

    Change it to: pref(“browser.search.suggest.enabled”, false);

    Disabling Application Updates

    When installing Firefox in an enterprise setting you do not want it to look for updates when a regular/non-admin user is logged on (You don’t let your users logon with administrators accounts do you?). In the firefox.js there is a line that looks like this: pref(“app.update.enabled”, true); Change that to: pref(“app.update.enabled”, false); and then your clients will not check for updates automatically.

    There are many other preferences in this file. Take a look at it and make any other changes you like.

     

    Remote Deployment

    Use the method that I share on this page: http://szone.berlinwall.org/win32/DeployinganInstallationPackagetoMultipleClients

     

    The batch file for firefox would be a little different than the example in that article. Something like this should work…

     

    echo “checking for Installers directory on the target…”
    if not exist \\%1\C$\installers mkdir \\%1\C$\installers
    if not exist \\%1\C$\installers\firefox3.6.4 mkdir \\%1\C$\installers\firefox3.6.4
    echo “copying Firefox install to install directory…”
    xcopy “\\MyServer\Updates\firefox3.6.4\*” “\\%1\C$\installers\firefox3.6.4\” /e /y
    echo “Installing Firefox…”
    psexec.exe \\%1 “c:\installers\firefox3.6.4\setup.exe” -ms
    echo “All Done.”

    Credits: http://www.appdeploy.com/packages/detail.asp?id=357 (For the silent install switch)


  • MYSQL Replication: Changing a Slave Database Server to be a Master-2

    By crmanski

    Senario:
    Our webservers use a database backend which is also replicated to two other servers. In the even that there is a failure then one of the others can take over. oldserver1.berlinschools.org was not doing well and was also the master in a mysql replication setup with two “slave” servers. One older (olderserver2.berlinschools.org) and one basically new (newserver.berlinschools.org). The need was to make it so oldserver1’s master status was passed onto newserver and oldserver2 would look to ne for slave updates.

    Preparation:
    To make this easier on myself first in preparation I made sure that every php/mysql web app that I have running is using a dns name for its mysql server setting (drupal, moodle, gallery, xoops, etc). I choose master.berlinschools.org. To test this name I made sure that the command: dig master.berlinschools.org would respond correctly. I also checked the hosts file for entries. One did have this setting, because it was using an external service provider’s DNS instead of our internal.

    Making it happen:
    I opened 3 separate terminals to each mysql server and logged in as root. Then I logged onto mysql as root with this command…
    mysql -u root -pMyMYSQL-PasswordHERE (Note: no space between -p and the actual password)

    DNS:
    I moved back to my dns configuration and punched in the new ip address for the mysqlmaster dns entry and forced DNS to update. I updated the HOST file on the one that needed it.

    MYSQL:
    On the master first ran…
    FLUSH LOGS;

    On the new master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress’;

    On the slave I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress; (current IP of newserver)
    START SLAVE;

    Back to the old master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress’;
    START SLAVE;

    See the MYSQL official replication FAQ for more information:

    http://dev.mysql.com/doc/refman/5.0/en/replication-faq.html


  • MYSQL Replication: Changing a Slave Database Server to be a Master

    By crmanski

    Senario:
    Our webservers use a database backend which is also replicated to two other servers. In the even that there is a failure then one of the others can take over. oldserver1.berlinschools.org was not doing well and was also the master in a mysql replication setup with two “slave” servers. One older (olderserver2.berlinschools.org) and one basically new (newserver.berlinschools.org). The need was to make it so oldserver1’s master status was passed onto newserver and oldserver2 would look to ne for slave updates.

    Preparation:
    To make this easier on myself first in preparation I made sure that every php/mysql web app that I have running is using a dns name for its mysql server setting (drupal, moodle, gallery, xoops, etc). I choose master.berlinschools.org. To test this name I made sure that the command: dig master.berlinschools.org would respond correctly. I also checked the hosts file for entries. One did have this setting, because it was using an external service provider’s DNS instead of our internal.

    Making it happen:
    I opened 3 separate terminals to each mysql server and logged in as root. Then I logged onto mysql as root with this command…
    mysql -u root -pMyMYSQL-PasswordHERE (Note: no space between -p and the actual password)

    DNS:
    I moved back to my dns configuration and punched in the new ip address for the mysqlmaster dns entry and forced DNS to update. I updated the HOST file on the one that needed it.

    MYSQL:
    On the master first ran…
    FLUSH LOGS;

    On the new master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress’;

    On the slave I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress; (current IP of newserver)
    START SLAVE;

    Back to the old master I ran…
    STOP SLAVE;
    RESET MASTER;
    CHANGE MASTER TO MASTER_HOST=’newserversIPaddress’;
    START SLAVE;

    See the MYSQL official replication FAQ for more information:

    http://dev.mysql.com/doc/refman/5.0/en/replication-faq.html


  • Can the Conflicker Worm be removed?-2

    By crmanski

    Over the last few months I have seen and heard or quite a few computers infected with the “Conficker” worm ( also know as Downup, Downadup and Kido). It is truly a nasty piece of software that ingrains itself so far into the system that it has been impossible to remove from any of the systems that I had not personally secured myself with the steps I outline here. That one machine the person had actually clicked on the “yes” button to install the worm. Luckily it was with the non-administrative account and I was able isolate the files and remove them.

    I did some research around the web on so called removal instructions and came across Microsofts…

    microsoft.com – “How do I remove the Conficker worm? If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or accessing certain Web sites, such as Microsoft Update. If you can’t access those tools, try using the Windows Live OneCare Safety Scanner.”

    This is totally useless. I’ve spent hours using a manually downloaded MSRT and the Live OneCare Scanner. It might tell you that it cleaned the machine and the everything will look good, but after a couple reboots and even opening Internet Explorer once will bring it right back. You might be able to “remove” it, but the problem of Windows XP or Vista setting up all home user account as administrators of the local machine still exists. The point of infection is still available and any account that uses the computer can infect the system. Try to remove this infection is an exercise in futility.

    If you have been infected I think it is best if you backup your documents and re-install the Operating system from scratch (Don’t forget to scan them with an update Antivirus before putting them back on your computer). This way you can be truly sure that there is no infection. It is not wise to trust a machine that has had such a bad infection. This is especially true for someone who does online banking or conducts other business transactions on the Internet. It is better to start fresh and make sure that the system is secure. Follow the steps on the checklist. If you cannot, then find someone that can.

    Technology:


  • Can the Conflicker Worm be removed?

    By crmanski

    Over the last few months I have seen and heard or quite a few computers infected with the “Conficker” worm ( also know as Downup, Downadup and Kido). It is truly a nasty piece of software that ingrains itself so far into the system that it has been impossible to remove from any of the systems that I had not personally secured myself with the steps I outline here. That one machine the person had actually clicked on the “yes” button to install the worm. Luckily it was with the non-administrative account and I was able isolate the files and remove them.

    I did some research around the web on so called removal instructions and came across Microsofts…

    microsoft.com – “How do I remove the Conficker worm? If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or accessing certain Web sites, such as Microsoft Update. If you can’t access those tools, try using the Windows Live OneCare Safety Scanner.”

    This is totally useless. I’ve spent hours using a manually downloaded MSRT and the Live OneCare Scanner. It might tell you that it cleaned the machine and the everything will look good, but after a couple reboots and even opening Internet Explorer once will bring it right back. You might be able to “remove” it, but the problem of Windows XP or Vista setting up all home user account as administrators of the local machine still exists. The point of infection is still available and any account that uses the computer can infect the system. Try to remove this infection is an exercise in futility.

    If you have been infected I think it is best if you backup your documents and re-install the Operating system from scratch (Don’t forget to scan them with an updated Antivirus before putting them back on your computer). This way you can be truly sure that there is no infection. It is not wise to trust a machine that has had such a bad infection. This is especially true for someone who does online banking or conducts other business transactions on the Internet. It is better to start fresh and make sure that the system is secure. Follow the steps on the checklist. If you cannot, then find someone that can.

    Technology:


  • Drupal Load Balancing-2

    By crmanski

    When being responsible for more than one site you being to worry about the time when things go wrong and how to avoid downtime of sites you are in charge of. I read a pretty good article about clustering and scaling a drupal website (http://www.johnandcailin.com/blog/john/scaling-drupal-open-source-infrastructure-high-traffic-drupal-sites) and I have been implementing some of the things that are suggested. I have 3 linux web servers to work with, all of varying age and ability. If one of them goes down, eventually I want the the others to take over.

    Notes on File Syncing

    While going through a few things and reading the comments on the above page I decided to use unision (http://www.cis.upenn.edu/~bcpierce/unison/) to check for changes to the /files directory and sync them between the webhosts. After the initial first run, it is very robust and i will have multiple locations that have an exact copy of the data files. I run two different processes from the same host like this…

    unison -silent -repeat 030 /var/www/drupal/files/ ssh://www1.example.org//var/www/drupal/files/  -log -logfile /var/log/unison/www1.log &
    unison -silent -repeat 030 /var/www/drupal/files/ ssh://ww2.example.org//var/www/drupal/files/ -log -logfile /rvar/log/unison/www2.log &

    These lines above will make unison wait 30 seconds before checking for changes. I just Added these to the /etc/rc.local file so that they will start on boot up and used ssh rsa key authentication to avoid the scripts from asking for a password. (This page covers this pretty well, just adjust it to your environment: http://backuppc.sourceforge.net/faq/ssh.html ) To make sure that the two processes are running on the server I used the webmin Server Status module to add a check that looks for at least two unison processes.

    Notes on load balancing with apache mod_proxy

    There were a few things that I had to figure out on my own with going throught step 2. I was turning a single server/database setup into a front end server. On the front end server make sure to remove the directives or you will not be able to get to the balancer manager ui. (I just commented mine out in case I needed to go back.)

    Since I have serveral virtual hosts on my server. I opted to leave the /etc/apache2/mods-available/proxy.conf file alone. I did not want to change “Deny from all” to “Allow for all” globally. Thus my config in the front end’s virtual host ended up looking like this. I’ll use szone.berlinwall.org as an example…
    (changes in bold)

    <Location /balancer-manager>
        SetHandler balancer-manager
    
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
    
    <Proxy balancer://szonecluster>
        Allow from All  
          # cluster member 1
          BalancerMember http://szone1.berlinwall.org:80 route=szone1
    
          # cluster member 2
          BalancerMember http://szone2.berlinwall.org:80 route=szone2
    </Proxy>
    
    ProxyPass /balancer-manager !
    ProxyPass / balancer://szonecluster/ lbmethod=byrequests stickysession=SZONEID
    ProxyPassReverse / http://szone1.berlinwall.org/
    ProxyPassReverse / http://szone2.berlinwall.org/
    A Note on Drupal configuration.

    In the settings.php on each balancer in addition to setting the variable $cookie_domain = 'szone.berlinwall.org'; I also had to set $base_url = 'http://szone.berlinwall.org'; as well. If I did not then when I used the site search the links to the results had either szone1 or szone2 in them.