Martin Taylor and Bill Hilf on Linux at Microsoft

I have no idea why this old video (and part 2) shows up in this rss feed, but I am watching it.

It is interesting to hear Microsoft's perspective on Linux and Open Source and how different it is from every Open Source user I know. It is also interesting to hear what Open Source means to Microsoft and how different the benefits are to Microsoft vs. those who use Open Source.

It is over a year old. I wonder if they have learned anything in the past year.

Dot Net Rocks! best show ever!

I just listened to the latest episode of .Net Rocks! and I have to say it was one of the best shows yet. Why was it so great? Well, I am so glad that I asked. Ann Arbor was in the house. Diane Marsh and Bill Wagner were the guests and they were talking about “Non-MS Technology”. Don’t get me wrong, they related all of it to .NET, but it was great to hear them talking about Python, Turbogears, even Java and Groovy. I’ve been hearing a lot about Groovy, and after reading the front page I’ll just call it Java’s Boo. Maybe it is because they are both hosted at The Codehaus. I prefer Boo. 🙂

Even if you could care less about .NET, give this show a listen. It is very interesting to hear a VB.NETer’s (Carl) take on whitespace meaning in Python. It is funny to hear because I remember having the same reaction 10 years ago, and so I feel like I’m getting in touch with myself from when I first looked at Python.

The show ended with the announcement that you can win tickets to CodeMash! AWESOME! I really wish I could make it to CodeMash.

P.S. Visual Studio 2005 has made me wait for 2 minutes for the last time. I’ve removed the F1 keybinding. I occasionally slip and press F1 and it makes my system unusable for 2 minutes while Visual Studio Help launches. Much like James Belushi in The Principal, I have said “NO MORE!”

Novell Open Audio on iFolder

I’m listening to Novell Open Audio and immediately at the start of the show I’m thinking “Jorge must have nagged these guys for this show”. And I keep listening and it has some great information, not just about the product, but also about the development process. iFolder design has been “temporarily” taken in house. I find this interesting because the software is open source and under the GPL, yet the process of creating the software is not transparent. The project looks dead. This podcast is much in response to the fact that the project looks dead. Yet we are assured by Novell that work is being done.

I find this very interesting because it is a very different open source model than most people think of when they think open source like Linux, Apache, CastleProject. These projects are developed by the public, in the public. But iFolder is developed by Novell, and during this time period, under closed doors.

I make no judgment about if this is good or bad. I don’t care. I’m not an open source or transparency insane person. I just point it out because I find it interesting.

About 10min into the podcast, Ted comes right out and says “If you are an Ubuntu fanboy… my friend Jorge Castro” Hahahaha. My initial suspicions were correct. Thanks for nagging the right people Jorge.

Querying Active Directory with Unix LDAP tools.

I want to run ldap queries against an AD, after all, AD is just LDAP, right?

Finding an AD server to query can be done a number of ways. If you are on Windows, an easy approach may be to use WMI or ADSI to ask AD where a domain controller is, but let’s say you aren’t on Windows. AD requires this information in DNS. One easy, lucky way is server naming. You know that servers named Domain Controller or “DC” are probably domain controllers. I use the host command which comes with ISC BIND.


$ host -av myaddomain.myinetdomain.net

will give you a list (can be very long depending on your organization) of servers.

If that doesn’t show me what I want, I use the information in How Domain Controllers are Located in Windows XP:


$ host -av _ldap._tcp.myaddomain.myinetdomain.net

gives me a list of domain controllers which are listening for LDAP requests.

Now I can use ldapsearch to get the RootDSE. This doesn’t even require binding to the LDAP directory.


$ ldapsearch -x -h 192.168.199.10 -b '' -s base '(objectclass=*)'

Now the namingContexts attributes give me points off of which to start my searches. If you are familiar with AD then you should be familiar with these naming contexts. Of course one reflects my AD, e.g. dc=myaddomain,dc=myinetdomain,dc=net

If you happen to be in a large organization, take notice of some hints and helpers here. The serverName attribute often reflects the organizational structure of the AD. Is the AD organized by geography, business unit, or something else? The organizational unit in which this server is placed can give you hints.

From this point on you need to bind to the active directory. Now your account could be in any OU, so how do you know if you are cn=jsmith,cn=salespeople,cn=blah….. or if you are cn=jsmith,cn=Users,cn=blah… Well, quite cleverly, Microsoft extended the LDAP spec a bit and allows for binding with what they call a “User Principal Name”. You can login much like you would to a Windows computer.


$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s base -D 'jsmith@myaddomain.myinetdomain.net' -W

We know the domain portion of the User Principal Name from our naming contexts search before.

Now we can build all sorts of nice LDAP search expressions. Want to see all the computers in the domain?


$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s sub -D 'jsmith@myaddomain.myinetdomain.net' -W '(objectclass=Computer)'

You can use AD’s Ambiguous Name Resolution:


$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s sub -D 'jsmith@myaddomain.myinetdomain.net' -W '(anr=smith*)'

Ultimately I want to search for computers in the Active Directory which have not been used in a while. Forgetting for a moment that lastLogon is not replicated in AD, how can we do this? Or how can we even tell what that lastLogon value means? When I look at my LDAP entry I get this for the lastLogon attribute:


$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s sub -D 'jsmith@myaddomain.myinetdomain.net' -W '(anr=smith*)' lastLogon
...
accountExpires: 9223372036854775807
lastLogon: 128082628734460625
pwdLastSet: 128074920542439359

It turns out (and this is no joke) that this number is the time in some ANSI standard that is the number of 100 nanosecond intervals since January 1st, 1601. Ugh… There is much good information about this in the Dandelions technet article. I solved the problem of reading this using Python’s AWESOME datetime module.


#!/usr/bin/env python
from __future__ import print_function
from sys import argv
from datetime import datetime, timedelta

# AD timestamps count 100-nanosecond intervals since January 1st, 1601
ansiTimeStart = datetime(1601, 1, 1)
lastLogon = timedelta(seconds=int(argv[1]) // 10000000)
if len(argv) > 2 and argv[2] == '-r':
    # rfc822 - with borked timezone
    print((ansiTimeStart + lastLogon).strftime("%a, %d %b %Y %H:%M:%S +0000"))
else:
    # or ISO 8601
    print((ansiTimeStart + lastLogon).isoformat())

So now I can send one of those crazy ansi dates and get a real date in either rfc822 format or iso8601 format.


$ ./ansidate 128082628734460625 -r
Fri, 17 Nov 2006 18:47:53 +0000
$ ./ansidate 128082628734460625
2006-11-17T18:47:53

Now what if I want to query for all computer records in a domain which have not had their password set since August 1st, 2006? I have to find that crazy date. I just use Python interactive for this.


$ python
...
>>>(datetime(2006,8,1)-datetime(1601,1,1)).days*3600*24*10000000
127988640000000000L

Now I can search.


$ ldapsearch -x -h 192.168.199.10 -b 'dc=myaddomain,dc=myinetdomain,dc=net' -s sub -D 'jsmith@myaddomain.myinetdomain.net' -W '(&(pwdLastSet<=127988640000000000)(objectclass=computer))'

Note that LDAP search filters don't have a less than operator; you must use less than or equal. A filter of '(lastLogon>1)' will fail with a Bad search filter error.
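Pulling the pieces above together, here is an added example (not code from the original post) that converts in both directions, builds the stale-computer filter, and merges lastLogon across domain controllers, since that attribute is not replicated. The function names and the sample LDIF are constructed for illustration, and the parser assumes unwrapped ldapsearch output (for example with -o ldif-wrap=no).

```python
from datetime import datetime, timedelta

EPOCH = datetime(1601, 1, 1)        # start of the AD timestamp clock (UTC)
NEVER = (0, 9223372036854775807)    # AD sentinels: unset / never

def to_filetime(dt):
    """UTC datetime -> count of 100 ns intervals since 1601-01-01."""
    d = dt - EPOCH
    return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

def from_filetime(value):
    """AD timestamp -> UTC datetime, or None for the sentinel values."""
    value = int(value)
    return None if value in NEVER else EPOCH + timedelta(microseconds=value // 10)

def stale_filter(cutoff, attr="pwdLastSet"):
    """Filter for computers whose attr is at or before cutoff (<=, never <)."""
    return "(&(objectClass=computer)(%s<=%d))" % (attr, to_filetime(cutoff))

def parse_ldif(text, attr="lastLogon"):
    """Yield (dn, value) pairs from unwrapped ldapsearch LDIF output."""
    dn = None
    for line in text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif dn and line.startswith(attr + ": "):
            yield dn, int(line.split(": ", 1)[1])

def stale_computers(ldif_per_dc, cutoff):
    """lastLogon is not replicated: keep the newest value any DC reports."""
    newest = {}
    for text in ldif_per_dc:
        for dn, value in parse_ldif(text):
            newest[dn] = max(newest.get(dn, 0), value)
    limit = to_filetime(cutoff)
    # A value of 0 on every DC means the account never logged on at all.
    return sorted(dn for dn, value in newest.items() if value <= limit)

# Constructed sample output from two domain controllers (not real data).
DC1 = """dn: CN=PC1,CN=Computers,DC=myaddomain,DC=myinetdomain,DC=net
lastLogon: 128082628734460625
dn: CN=PC2,CN=Computers,DC=myaddomain,DC=myinetdomain,DC=net
lastLogon: 0
"""
DC2 = """dn: CN=PC1,CN=Computers,DC=myaddomain,DC=myinetdomain,DC=net
lastLogon: 127900000000000000
dn: CN=PC2,CN=Computers,DC=myaddomain,DC=myinetdomain,DC=net
lastLogon: 127950000000000000
"""
```

Calling stale_computers([DC1, DC2], datetime(2006, 8, 1)) reports only PC2, while asking DC2 alone would also flag PC1, which is why every domain controller has to be queried before treating a machine as unused.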

Using LDAP to query Active Directory is a natural fit, especially if you have LDAP experience in other applications. All of your LDAP knowledge should be applicable to Active Directory. I've found that many of the details on the AD schema attributes are not mentioned in most Microsoft documentation. It is best to go directly to the Windows SDK. Each attribute is well documented there.

Firefox Windows Authentication

Hey, this is awesome! So much nicer than using Firefox’s save password functionality. If I’m logged into a domain, and the website is on IIS with all that “windows auth” magic that automatically lets you in when using IE… well… I get that functionality in Firefox!

Thanks to Eric Wise!

Basically, just add hostnames for which you wish to allow this type of authentication (a little more work than IE, a lot more security) to the following preferences in about:config: network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.delegation-uris, network.negotiate-auth.trusted-uris.

http://codebetter.com/blogs/eric.wise/archive/2006/11/16/Note-to-self_3A00_-Firefox-Windows-Authentication.aspx

Nostalgy Extension for Thunderbird is a must have

I just installed this extension and the ESC-ESC, L, ESC-M and G keybindings are enough to make it worthwhile.

I found it here: http://micke.hallendal.net/archives/2006/11/a_must_for_all.html

The G keybinding is the golden feature. It lets you quickly navigate (Goto) any folder. I still use n for next unread and b and f for previous and next message, but being able to use the arrow keys to navigate both the message list, and the message itself without clicking between panes, and without getting lost in tabstops is very nice. Just ESC-m to select the message pane and ESC-ESC to select the folder pane.

Jorge wants to know what Evolution has to offer in this area. Jorge also doesn’t care, because he uses a mouse.

Consolas in GVIM on Windows

My “notepad” of choice on windows is usually GVIM. I was quickly googling for the vim keyboard shortcut for pageup, because using the Page Up key moves my hands off of home row and that is not efficient.

I stumbled onto this page: http://www.naglenet.org/vim/. It mentions the VIM fonts section and something about Windows NT. *ding* that is when the lightbulb went off in my head. I’m not yet using Consolas in Vim. It turns out my vimrc already had some commented set guifont directives in it. It turns out 8pt Consolas is VERY readable on my Thinkpad T42 screen as well as this 17″ IBM ThinkVision LCD.

set guifont=consolas:h8

It’s a whole new world of highly productive GVIM!

A database in Subversion?

YOW!

This is interesting, but why in God’s name would you do this?

http://weblogs.asp.net/jgalloway/archive/2006/10/28/Batch-files-to-check-SQL-2005-_2800_MDF_2900_-files-in-and-out-of-Subversion-source-control.aspx

I just don’t see the need for storing databases in version control. I do think that databases should be version controlled, but not the data itself. Dump the DDL and version control that. Does the data really need to be there? I suppose I can think of some arguments to do it, but it sure rubs me the wrong way. I’m guessing that 99% of the time this is NOT what I would suggest doing.

powered by performancing firefox

Save 10% storage on your Ubuntu installation

sudo apt-get remove --purge openoffice.org nautilus-cd-burner openoffice.org-base openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-draw openoffice.org-evolution openoffice.org-gnome openoffice.org-gtk openoffice.org-impress openoffice.org-java-common openoffice.org-l10n-en-us openoffice.org-math openoffice.org-writer openoffice.org-l10n-en-gb openoffice.org-l10n-en-za

Immediately save 10% of your used disk space.

Yes, I am storage cramped in this day and age of 750G hard disks.  Yes 250MB is not much.  I don’t care.  It also means I don’t have to download and install updates on all these packages.  I probably should have done a server install.


No Silver Bullet Revisited

I found this “No Silver Bullet Revisited” link from Kevin Dangoor’s blog.

So what do you think of this revisitation?  I think it is poppycock.

He says “Today everyone is accustomed to buying software the way we buy burgers. We’re accustomed to acquiring the right to use software bundled with the bits.”  But this isn’t the way most software is bought.  Software today comes with that highly restrictive EULA which says that you can only do with this software, the things that we say you can.

Mr. Cox then goes on to suggest a hierarchy of charge-for services which filter up to usable applications.  My problem is that I cannot fathom what kinds of services these are.  And with all the wonderful open source software and free services available today, what services could be sold?  Now I’m aware that this type of activity is already happening in some niche markets, but as these niche markets become more mainstream and less niche, a “free” version enters, e.g. we now have free versions of photo hosting from flickr and picasa web.

I think that the past 11 years have shown that the industry has gone in a different direction than Mr. Cox envisioned.  I think this shows that the fundaments of Frederick P. Brooks, Jr.’s “No Silver Bullet” hold true.

Thanks for the link Kevin.  I enjoyed the reading.
