After quickly checking to see who was currently logged in (as well as those that had just recently been logged in), I wanted to see the command history for each user on the server.

Before I go any further, let me say a few important things:

There are more shells than bash

Each shell has its own history options and files. Don’t assume that because you found all the .bash_history files on a machine that you have all shell histories.

And all the zsh proselytes said “Amen.”

.bash_history is a suggestion not a rule

Bash’s history file (that’s the $HISTFILE variable) can be changed. Just because you found all the .bash_history files on a machine doesn’t mean you have all of bash’s history.

Bash history is a convenience not a reporting tool

Bash history can easily be altered for both good and bad purposes. It is not to be relied on as a a way of seriously auditing what has been done on a server. For that kind of thing, look at auditd.

Scan all .bash_history files

The above notwithstanding, if you want to quickly scan your machine’s .bash_history files consider the following options.

The first is dead simple, and I thank @etrever, @evilchili and Gilles over at unix.StackExchange.com for this method (I’m still getting my *nix chops).

grep -e "stuff goes here" /home/*/.bash_history

Yep, simple as that. This is of course assuming that 1) All user folders are standardized, and 2) your history files all share a common name. If the previous two things are true, this is a great, quick way to see things like… oh… say… “Who just went all chmod -R 777 on the httpdocs folder?!“

However, if you want a slightly more robust way of searching through all bash history on a machine that takes the home folder ambiguity out of the equation, Gilles from the Unix & Linux Stack Exchange had an awesome solution.

getent passwd |
cut -d : -f 6 |
sed 's:$:/.bash_history:' |
xargs -d '\n' grep -H -e "$pattern"

I had never seen the ‘getent’ tool before which gets entries from the following administrative databases: ahosts, ahostsv4, ahostsv6, aliases, ethers, group, gshadow, hosts, netgroup, networks, passwd, protocols, rpc, services, and shadow. ‘Cut’ segments the input by a colon and then selects the sixth field which is each user’s home directory. Sed works its magic to take the input and append it with the probable location of the .bash_history file. Finally grep is fed each path and searches for our pattern.

Certainly, if there is a question about the existence of other shells or if you want to be certain that your history file really is called .bash_history, you’ll need to add some extra logic in. However, for my scenario, this was enough to get me going.

Unfortunately, I was made painfully aware of how bash history is a mere user level convenience and not an auditing tool. Nothing malicious was done to the server and nothing terribly bad was done, however as I looked deeper into what could have happened, I realized that a much more thorough auditing trail might be needed in the future.

How do you handle shell history? Do you implement any special tricks to make it more reliable or do you use an entirely different system to keep track of commands that have been run?

While performing the migration of my WordPress 3.3.1 blog, I used the “export” and “import” features to move my content. Upon trying to import the .xml file into my new WordPress installation that the export feature on the old installation had created, I hit upon this error:

Sorry, there has been an error.This does not appear to be a WXR file, missing/invalid WXR version number

My Solution

Downgrade to WordPress 3.2.x, perform the importation and then upgrade to the latest version.

Downgrading can take two forms: simply reinstalling WordPress from the ground up using an older version or taking the files of an older version and overwriting all existing 3.3.1 files with the exception of the wp-config.php file. Do not overwrite the wp-config file of the WordPress installation that you are trying to import into.

To find old versions of WordPress, visit the WordPress Release Archive. Make sure not to download one of the beta or release candidate files. Also, be aware if you’re site uses the MU version of WordPress. The files for MU installations are separate from the non-MU files.

Other Solutions

There are other possibilities as to why you cannot import your XML file.

The first is to look in the XML file and, near the top, add the line “<wp:wxr_version>1.1</wp:wxr_version>” (without quotes) just after the language definition declaration. For more information, see this WordPress Support thread.

Another possibility is that PHP safe_mode might be turned on and causing problems. safe_mode being on does not in itself guarantee that it is the cause of this problem, but it could be. You will need to contact your web host and ask if safe_mode is turned on. It is common for shared web hosts to enable it.

Wrong.

However, a quick-n-dirty way of doing this is with the “stat” command using the -c switch. Stat itself will show you file or filesystem status information. The -c switch allows you to customise the output. To see file permissions in octal use the “%a” format sequence. I toss in a few other format sequences for my tastes:

stat -c "%n %a %G %g" IMG_0346.MOV
IMG_0346.MOV 664 wesley 500

The file’s name is shown as a result of %n, %a shows octal permissions, %G shows the owner’s group name and %g shows the owner’s group ID.

To see the octal permissions of the contents of an entire directory (in this case my Downloads directory) simply use a star thusly:

stat -c "%a %n" Downloads/*
 
664 Downloads/localhost.sql
664 Downloads/premium-pixels-fancy-pants-blog-magazine-theme.zip
755 Downloads/premium-pixels-package
644 Downloads/readme.html
664 Downloads/RobDuck1.JPG
664 Downloads/RobDuck2.JPG
664 Downloads/socialite-modern-wordpress-theme.zip

This isn’t my ideal, however. I’d really like ls to have the option. Perhaps there’s some bastardized and recompiled ls out there. Have you ever wanted to see octal permissions on your filesystem lists? How did you go about achieving that goal?

Remote desktop connections to a Windows Server 2008 R2 Enterprise server were absurdly slow. Refresh times were as high as ten seconds. No amount of lowering the connection settings on the remote desktop connection would increase the speed. This problem occurred from Windows Vista and 7 clients connecting to the Windows Server 2008 machine. It did not happen when connecting via RDP from Linux machines.

My Solution

On the Windows Server 2008 machine, navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Add a new DWORD and give it the name DisableTaskOffload. Set the value on the new DWORD to 1.

More Information

Many articles on the web about slow RDP speeds will focus on Receieve Side Scaling (RSS) and Autotuning. I tried turning both of those off using the following method from an elevated command prompt:

netsh interface tcp set global autotuning=disabled
netsh interface tcp set global autotuninglevel=normal

That did not help matters any. For more information on Windows network offloading, see this old article from 2001. Here are some other references to disabling task offloading that might be of interest

• Slow performance when you try to access resources on your Virtual Server 2005 host computer from a guest virtual machine
• Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008
• You experience intermittent communication failure between computers that are running Windows XP or Windows Server 2003

I was doing simple desktop support style work for a small organization that I’ve been acquainted with for several years. They’re a satellite of a larger, multi-million dollar organization, but are largely self contained. That includes finding their own IT support which, prior to me becoming acquainted with the leaders, consisted of nagging anyone’s sons or daughters who could glance at a computer and not immediately explode from hypertension.

“I dunno why your laptop is the only one that does this,” I said into my headset as I rubbed my forehead hard. This was a remote case. My home office is in Phoenix, Arizona and this organization was in another state, two time zones and 2,000 miles away. I had given up hopes that the day wouldn’t be totally consumed by this call. It was a simple matter of installing an online backup client and trying to track down some strange problems with Microsoft Office – but things kept going oddly awry.

I use CrossLoop at the moment as my go-to remote support tool. It’s a bit bare-bones and I’m not entirely happy with it, but it’s the best free tool I have at the moment before I commit my money to a fuller product. I’ve been deeply involved with comparing other remote support tools and am nearing a final decision (oh if only I could afford a Bomgar appliance). Until then, I deal with CrossLoop.

“There it is! Took ten tries that time!” the elder gentleman drawled in victory. He was well past retirement age, but was far from retiring. He was no fool – having done many successful things for many people over many years. He was currently in an unusual two-week period of rest in-between world travels. He had just come back from galavanting around the US at sundry speaking engagements and was planning a trip to Africa to lead a small group. That would likely not be his only trip out of the USA for 2012.

I connected to his laptop and began my tasks. In the course of my support work for him I had to reboot the machine a few times. That required the user to launch the CrossLoop executable file after logging in and once again starting the mysteriously recalcitrant process of getting connected to me.

If anyone reading this is familiar with remote support tools, CrossLoop works no different than most do. The person who needs support launches the program and reads an access code to someone else. That other person then enters the user’s access code into their own instance of CrossLoop. The one requesting support must click a “Connect” button which then contacts CrossLoop’s mediation service. The one who will be connecting also clicks their “Connect” button and the connection is brokered by the mediation service. After clicking the connect button, the button immediately turns into a “Disconnect” button so that either party can instantly end the session.

All in all it works out pretty good. Except for this one laptop.

“Great! Only took four tries this time!” the man chuckled. As I worked on the issues that I was contacted to help with, I was also trying to decide how to tackle this mysterious CrossLoop problem. It seemed unlikely that it was a network issue. I never had problems with his internet connection while I was connected. No complaints about dropped downloads, or wireless signal or anything else had been lodged. It happened regardless of where the user was located, so it seemed like it wasn’t an ISP problem.

Some very strange issues with the laptop’s applications made me wonder if there was deeply hidden trouble with the OS itself. Perhaps some fundamental driver or DLL file was corrupted in such a way that caused lossy communication under certain circumstances? I just couldn’t figure it out.

“Okay, to finish this up, I’ll need to log you off of this current user and log back in as a different user.” Unfortunately, CrossLoop requires a user to be logged in before it can be launched and receive / sustain connections. Every logout / logon event caused the user to have to re-connect with me. Of course, as it had to happen, that day’s problem narrowed down to a corrupt Windows user profile. I had to log off and log on multiple times in the course of troubleshooting and ultimately migrating files.

“Here’s your new code.” The man recited a series of numbers to me. I entered them and clicked my connect button while waiting for his side to finally “go through.”

I stared at the connection screen. I like the “Disconnect” button that shows up immediately after you click “Connect.” Just look at it! Big, chunky and orange with a nice call to action printed on it. I’ve been a student of conversion rate optimization for a little while now and am getting more into doing eCommerce sites for clients. “That’s a nice orange button. It should be used as a checkout button…”

“Whew! Eleven times that time!” This was absurd. I had to figure out why this was happening.

After some more work, I had to reboot the laptop once again. Of course, the user had to once again open CrossLoop and initiate the connection to me.

“Oh! Hey, you know what? I think the times that I’ve connected right up to ya’ll has been when I only clicked the connect button once instead of double clicking.”

I inhaled sharply.

“Ayup! I click the “Connect” button just once and it hooks right up to you!”

Prizes were awarded to those who achieved the 10,000 point goal as well as for those who reached the halfway point of 5,000 points. Ten-thousand point earners won a Buds Luxury Duck and five-thousand point earners won a Buds Mini Duck.

Some of the winners were able to submit a photo of their duckies.

Moirai must be giggling because Philip “Chopper3″ Buckley-Mellor already had quite a collection of Buds ducks. This contest allowed him to add to it as well as bask in his Britishness with a fancy Royal Guard duck.

Rob Moir received a pretty polka dotted duck. It matches perfectly with his pretty, pretty pony avatar.

I’m not really sure what’s going on here, but I’m a little weirded out:

Tom O’Connor is a rock star SysAdmin who is not afraid to be a bit edgy, and thus he won a rock star duck:

Here’s to you, ServerFault winners! May the upvotes continue to pour onto your worthy contributions.

I really didn’t know what to expect while cracking the cases open, but what I encountered made me stagger. When I opened up the case, I saw what amounted to a hard drive platter sitting loose on a plastic spindle:

The precious platters were protected by the mighty power of… bendy aluminium.

The bendy aluminium was held in place and allowed the freedom to move by a paper clip. Paperclips make the world go ’round!

I took a few more picture of the dissection and posted them on my Flickr account. Take a look at the ignominy here.

So how about it? Are you as appalled as I am that such a product made it to the consumer? Spew your ire in the comments below.

As a result, if you listen to the more rabid proponents, the following is The One True Solution to all systems engineering and administration problems.

If anyone wants to take a critical exploration of the DevOps movement, holla!

In a recent post by Matt Simmons titled “The real loser in software piracy isn’t who you think“, the Standalone SysAdmin posits an interesting theory. To summarize, software piracy may cost better, alternative products their userbase. If people need to twiddle a few pixels, the Photoshop brand immediately captures their attention. As a result a person may pirate Adobe’s software when a better, less expensive or possibly free alternative to Photoshop would have been just as good.

I completely agree with the above, and it’s a viewpoint that I had never considered outright. I think I’ve thought along those lines without realizing it though. In my experience, if someone with only a little computer background wants to put an all-in-one server in their office to manage printing, file shares, their internet gateway and etc. I am slightly disappointed that Microsoft’s Small Business Server product is usually the first and only product that comes to mind. There are so many alternatives! ClearOS, Untangle, and others are awesome alternatives often with a free tier that can get you started.

However, because the SBS brand is so large, and people think “I guess that’s what I need,” they’ll likely implement it and never consider the alternatives. In some instances, they may improperly license the software. If even just one quarter of the organizations that are not properly licensing SBS would move to an alternative product, I believe that would make the industry better. Microsoft would see clear competition from the growing userbase of other products and have a better idea on how to improve. The alternative products would increase their userbase and know how better to support their customers. Customers get great products all around! Generally speaking, it would be a win-win situation for everyone involved.

Often in discussions concerning software piracy the supposed dollar amount of lost revenue for the software company is brought up. Upon investigation those numbers are built on some flimsy presuppositions about the buyer’s intent. Users of software will often not truly be legitimate candidates to purchase the software. However, this is where I find the topic to be most interesting. When the topic of morality gets introduced is when things get fascinating. That’s also when you’ll see some truly jaw dropping logical and philosophical gymnastics.

Let’s talk a bit about morality. Are there absolutes or are there not? Is this purely a financial equation or is there more at stake here?

Definition of Terms

I’ll be using some quotes from Matt’s post as my springboards, but not as a direct response to him (this isn’t about two people disputing, but about different and yet related ideas being fleshed out). Also, I’m not focusing on the recent takedown of MegaUpload. I’m also not focusing on one pirated product over another. This is as generalized as I can be.

The first thing that needs to be determined in talking about “software theft” is “what is theft?” From Matt’s post:

As many people have said, theft is the taking of something which deprives the owner of use.

Before any topic can be given a thorough treatment, a definition of terms must take place. In this case, I’ve never heard of theft being defined as the deprivation of use from an owner. Perhaps it’s regional? That definition sounds more like some definitions of larceny. Theft does not, in my layman’s understanding of the term, primarily consider deprivation of use. Theft is usually defined along the lines of the taking of property that is owned by one person or entity without their consent. No validity is given to the consideration of if the object was useful to the original owner.

Perhaps you’ve seen dilapidated cars from two or more generations ago sitting on a farm. Certainly the owner is receiving no use from it, but taking it would still be considered theft (although I realize there are often tiered designations to the types of theft based on the dollar amount of what was stolen). That is, theft is defined as the taking of property that is owned by one person without their consent.

Certainly in the realm of software it gets tricky because you’re not dealing with cut-and-dried physical goods. In the physical world, it would be as if you could clone the junked automobile and then use it (perhaps for scrap metal, I don’t know). But you can’t perform an atomic copy of something in the physical world so it’s a moot point. Yes, you can copy a design and get in trouble with copyright infringement, but that seems to be an entirely unrelated phenomena. In the virtual world, you can perform an “atomic” copy of a thing – and that fact blurs some lines slightly.

However I believe the key to the situation is a realization that license terms on a software package define what acceptable use is. One you take those terms into account it is easier to understand how theft would be defined in the case of intangible software. Software companies by and large do not “sell” the software to you, but basically sell you the right to use it. It’s a contract for use. If a contract states that in order to use some software you have to pony up some cash then it “is what it is” and no amount of legal wrangling can reverse that. Going outside of that contract would be considered some form if illegal activity.

In the end, it is a non-consensual use of a product that has certain restrictions made upon it. Perhaps the term “theft” is over simplifying the behavior. Perhaps “breach of contract” would be better? That might be especially true since most software makes you accept an agreement before you can use it. Technically you are then bound by that contract. Define it how you will, we’re still dealing within the realm of morals, so at least we haven’t gotten too far off track.

Of course, I also find it laughable whenever software piracy is mentioned and people assign monetary value to the “stolen” software…as though the options were either “steal this software” or “pay for it”. A false dichotomy if I ever heard one.

If people say “one million copes of this software have been stolen, and the software costs $500 per copy, that means the company has lost half a billion dollars!!1!” then they are most certainly making a false dichotomy. Not all of the one million people have $500 to spend and even if they did, they would not necessarily spend it on that software if they were forced to make a choice.

This is where, often, the conversation with someone turns finances into morality. “Well I wouldn’t pay for it anyway!” or “I only use it once in a great while!” or, my favorite, “The software company has plenty of money. They’re not losing that much because of me.” As if, somehow, arguments of convenience or shareholder meetings shift the foundations of right and wrong.

Finances Vs. Morals

Certainly the dollar amounts that are brought up around software piracy are smeared around to make the software companies seem like helpless victims. When you look into the numbers, it’s highly unlikely that Adobe, Microsoft, Autodesk, Symantec and etc. aren’t losing a ton of real money. They might even be gaining value in the long run with their products being used by more people who carry that brand in their minds from then on.

However is the discussion about software piracy all about numbers and branding? Can a person change right and wrong based on their own convenience or their determination of how much a company needs more currency?

I’d like to focus this topic less on the numbers and more on how one behaves after digesting the numbers. My question for us all to think about is this: What determines right and wrong? Here are the numbers and a fairly accurate interpretation of them:

[Those that download commercial software without paying] didn’t have $500 to buy photoshop. Did Adobe really lose that $500 that wouldn’t have been paid to them? No.

Most of us would agree with that. Framed within the context of “a person doesn’t have $500 and furthermore wouldn’t spent it on the software if they had it” then the software maker didn’t lose money. However, if we then take that likely reality and use it to excuse a breach of contract, we start determining right and wrong based on profit and loss. In the presence of moral absoulutes, a thing that has certain contractual usage restrictions on it being used outside of those restrictions is still wrong. Typically, that “wrongness” is only superseded if there is considerable harm to another person unless that contract is broken.

“That money didn’t exist. Assigning it a value is dishonest.”

Certainly the numbers are trumped up to an extent. On that there is little dispute. Where do we go from here? Can we go from “I don’t have the money to buy this software,” to “I’m going to intentionally break a contract so that I can use it anyway”?

At this point in a discussion on software licensing (or music, movie and other entertainment licenses), the discussion usually continues spinning its wheels. Volleys of words like “fair”, “greedy”, “corporations” and “big business” get lobbed.

A product has value independent of a person’s ability to pay for it. A product is then sometimes priced disproportionate to its value. Or, oddly, value is manipulated by price, but that’s another discussion. If a company, within their legal rights, sets a price on a product that a person feels is disproportionate to its value, does that person’s personal evaluation of the price/value equation allow them to morally break contract and use the software outside of its licensing restrictions?

We could argue about the fairness of current licensing practices, the greed of corporate licensing practices, the value of a product in comparison to its price and if software patents are detrimental (please, no GPL fanbois). Those things are important to talk about, however in the context of determining morality, if those smell fishy, that’s because all of them combine to form one giant red herring distracting us from the real point. The real point is centered on how one determines right and wrong.

Absolute Uncertainty

The question of absolutes now comes up. Is it ever right to take something that is not yours? If a loved one is dying, and you can steal medicine to save their life, is it wrong? If you and others are locked in a prison camp during a war and face almost certain death, is stealing the keys from the guards okay? Is killing your guards okay?

Those are extreme examples, but valid nonetheless and thus not in the realm of straw men. It shows us that, usually, there is a line when theft and even killing become acceptable. (Even so, there are those who believe in pacifism to the point of never fighting back even in the defense of your or another person’s life.)

The question remains, is there ever a time when it is acceptable to break a contract or license? Once you figure that out you can answer the following questions with certainty and be able to backup your view: When is it okay to break a contract? When is it okay to perform an act that is punishable by law? Does solvency determine right and wrong and if so when?

I think moral absolutes is the heart of the issue of software being used outside of license restrictions (I hesitate to call it “theft” or “piracy”). If there are none, then this topic is wasted energy. If there are absolutes, but they contradict honoring software licensing then we should at least define them and be aware of why we do what we do. If there are absolutes, and they say to honor law in so far as the law does not clearly contradict other absolutes (e.g. a law requiring you to punch a random person in the face), then the topic is rather simple, in spite of arguments about practicality. Your pragmatic need for a software title notwithstanding, show some fortitude and don’t break a contract / license agreement (essentially dishonesty). Go find a product whose licensing you agree with or do without.

For myself, I am a license pest. I actually read some EULAs. I actually follow them to the best of my ability. For example, I recently bought an OEM copy of Windows 7 for a workstation I built for my small business. According to strict licensing interpretation you are not allowed to install the OEM version of Windows straight onto a PC from the DVD. You are supposed to use the OEM Preinstalltion Kit or the Express Deployment Toolkit. So, I got rid of the installation that I had initially made, turned one of my other PCs into an EDT server and installed the OEM version of Windows across my home network onto my workstation.

Who would have known? What difference does it really make? For one, I would have known. Secondly, I believe the difference is in how a person continually builds their character. If you are unfaithful in the little things, it makes unfaithfulness in bigger things a little bit easier to justify. If people that I know have little or no problem breaking contracts and licenses, my trust in them is eroded. If a person rationalizes things in such a way as to take relatively clear cut restriction and justify breaking them in the absence of clear harm to another person, i wonder what else that person could justify.

I am not here to point fingers, flex my “morality,” or get anyone to behave the way I do. I am here to encourage you to stop and consider yourself. Stop and consider why you choose what you do. Consider why you think what you think. Consider everything. Have a reasoned defense. A new topic that has been intriguing me is that of dialectic reasoning. One of my favorite quotes is attributed to Socrates:

The unexamined life is not worth living for a human being.

Do not live an unexamined life.

What do you think about software licensing? Is it okay to break the license terms? Is there a practical limit? I’d love to hear your thoughts.

The piercing comedy comes from the fact that this spam message does not seem to be simply packed with pseudo language to skirt around spam filters. It appears to be a legitimate attempt at ensnaring new customers for a cut-rate web hosting service in… shall we say… a certain Cyrillic-using Eastern European country. Also, the entire message was in 24 point Times New Roman, blue and underlined.

To whomever crafted this treasure of the English language (or whoever ran it sideways through a Slavic -> Huli -> Ewok -> English -> Chinese -> Inuit -> English translator), I shower you with virtual rose petals. You, dear ones, are my heroes for the day.

Welcome to e…e.biz !

We also provide services DDoS’a!

Every day our world is moving forward, walking in the footsteps of new technologies. With the development of the Internet and poyavlyaniem any electronic goods, and hence the electronic money. Currently, the volume of transactions on the Internet billions of U.S. dollars. And always someone with someone else is paying.

On our site you will be able to make the exchange of electronic money on the most favorable rate. We work with the most popular and liquid electronic payment systems of the world, including Liberty Reserve, Perfect Money, Liqpay and others.

Why are you with us advantageous?

The answer to this question is most important in the exchange – Safety and course. In two of these parameters, we offer you the best possible terms. Currency exchange rates in our exchange points are the lowest in the world. If you find a more profitable course of our – immediately vsyazhites with us and we will make the course even better! Our site is a business card – we do not ask, so do not keep data about you and your accounts. The transaction goes online (communicating with the operator), so both you and us are not afraid of break-ins.

Electronic Payment Systems

In the world there are many electronic payment systems. There is a very popular system, and there is less. Each system is different committees, the level of safety, liquidity, market and policy development on the Internet. Therefore, we only work with payment systems that allow their customers to easily make transfers in combination with high safety. Of the banks, we chose the largest and most reliable – Privatbank with his payment system Liqpay.

Constantly we are exploring e-commerce market and add areas of exchange of money online.

Sincerely Administration …

Contacts:

Email # 1: e…e.biz @ ya.ru

Email # 2: e…e.biz @ gmail.com

Skype: e…e.biz

ICQ: 6…390

E…e.biz

 The Takeaways

First, providing your customers with DDoSs is a selling point.

Second, “poyavlyaniem” isn’t a word, but it should be. So now it is. I think it means “Refunds will be paid in borscht.”

Third, seriously, why are you with us advantageous?

Fourth, the largest and most reliable bank is Privatbank with his payment system Liqpay

I hope you all learned something from this.