Loss of a Good Friend

Tortilla - My Friend

This morning i lost a good friend. Tor, you are going to be missed.

If there is an after life i am sure you will be waiting at the gate. Thank you for being my friend.

-sam

Posted in Personal | Leave a comment

Updating FreeBSD 6.2

Ah good old FreeBSD sometimes you forget that you actually have to patch it. While I am fairly good about keeping my release current, this is one of the few times that I have had to update because of an exploit that concerned me enough that I patched because of it. FreeBSD-SA-07:09.random.asc

Seeing this I also noticed my documentation on updating was out of date, especially in light of a few FreeBSD ports that now make it easier. This is the quick and dirty way of updating a 6.2 FreeBSD System

Dependencies: portmanager, portsnap, pkg_version

Applying Binary Security Patches

  1. Grab the latest binary updates

    # freebsd-update fetch

  2. Install the updates

    # freebsd-update install

  3. Check OS Level

    # uname -a

  4. Reboot the System

    # shutdown -r now

  5. Confirm Update

    # uname -a

Updating Software & Applications

  1. Update your ports tree

    # portsnap fetch

    If you are running Portsnap for the first time, extract the snapshot into /usr/ports:

    # portsnap extract

    If you already have a populated /usr/ports and you are just updating, run the following command instead:

    # portsnap update

  2. Display ports that need updating

    # pkg_version -vIL=

  3. upgrade installed ports:

    # portmanager -u

Posted in FreeBSD -- General | Tagged , , | Leave a comment

Changing UID and Shell in Leopard

Since Netinfo was replaced by Directory Services in Leopard there are several user based tweaks that I like to do. This had not been a problem on my Mac Pro since I did an upgrade, but I just got a new MacBook with a fresh install of Leopard. Now there are several user based tweaks I like to make. I change my UID to my standard one; it makes file sharing and remote work much easier. I am also a tcsh user. So there are two ways to adjust this sans NetInfo

1) GUI — Go to System Preferences > Accounts and right click (control-click) on the user you wish to modify. An advance window will appear and you can make changes here.

2) CLI — su – to root and run dscl

su –
dscl localhost
cd /Local/Default/Users

You can see all users by doing an ls and you can see the attributes of the users by catting the user (e.g. cat someuser ). Man dscl and man 8 DirectoryServices will give more info on changing attributes.

Posted in Mac OS X | Leave a comment

Leopard Upgrade and Parallels

Another problem I ran into is that Parallels v.3 network bridge mode stopped working. This is related to the fact that I did an upgrade and not a fresh install of the OS. Reinstalling parallels does not solve the problem. The following files need to me moved out of the way and a reboot done.

    /System/Library/Extensions/vmmain.kext
    /System/Library/Extensions/hypervisor.kext
    /System/Library/Extensions/helper.kext
    /System/Library/Extensions/ConnectUSB.kext
    /System/Library/Extensions/Pvsnet.kext
    ~/Library/Parallels/
    /Library/Parallels/
    ~/Library/Preferences/com.parallels

After the reboot a fresh install of parallels fixed the problem. Interestingly Fusion did not have the same problems.

Posted in Mac OS X | Leave a comment

Leopard and Photoshop v. 7

I just upgraded to Leopard and so far the first big problem I found is that Photoshop v.7 will not work. Granted this is an old version and designed to run in both classic and OS X, which I suspect is the cause of the problem.

Posted in Mac OS X | Leave a comment

Upgrading IBM pSeries 660 Memory

After sending most of my day on a memory upgrade, I discovered something fun. IBM pSeries 660 model 7026-6H1 Servers count their memory in quads and not pairs. Even though the memory vendor sells the upgrade kit as a pair.

Posted in AIX | Tagged , | Leave a comment

Fresh Start

I have recently left my job at Rockefeller University and move across the street to Weill Medical College of Cornell University. I thought this would also be an excellent time to pick the blog back up and see if I can make something of it.

At least it will be useful place to park tidbits as I learn the fun and exciting world of AIX HACMP and CACHE databases.

Posted in Personal | Leave a comment

Set Hostname for OS X

Append or edit /etc/hostconfig with the following:

HOSTNAME="machine.your.domain"

Posted in Mac OS X | Leave a comment

Creating Certificate Authority (CA) for a SSL Certificate

1) Create the certificate authority certificate and key. Make sure you remember the password you use. You will need to use it repeatedly.

mkdir /CERTS/ldap-certs/ca
cd /CERTS/ldap-certs/ca
openssl req -new -x509 -keyout ./ca.key -out ./ca.crt
echo 01 > /CERTS/ldap-certs/ca/serial
touch > /CERTS/ldap-certs/ca/index.txt

2) Create the openssl.cf file in /CERTS/ldap-certs

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = /CERTS/ldap-certs/ca # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.

certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/private/.rand # private random number file

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

#default_days = 365 # how long to certify for
default_days = 3650 # how long to certify for
#default_crl_days= 30 # how long before next CRL
default_crl_days= 0 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that.
policy = policy_anything

# For the ‘anything’ policy
# At this point in time, you must list all acceptable ‘object’
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

3) Generate a Certificate Signing Request

mkdir /CERTS/ldap-certs/server
cd /CERTS/ldap-certs/server
openssl genrsa -out hostname.key
openssl req -new -key hostname.key -out hostname.csr

4) Sign the hostname certificate with your certificate authority

openssl ca -config ../openssl.cf -out hostname.crt -infiles ./hostname.csr

Posted in FreeBSD -- General | Leave a comment

CAMP Shibboleth June 2006

Camp wiki

I am here for the conference on Shibboleth.

Posted in Personal | Leave a comment