Taking back control of updates in Windows 10

By , 2017-01-15 18:35

Microsoft’s latest OS brings a lot of improvements and changes to Windows. One particularly significant change is the way Windows Update works. By default, Windows Update will decide on its own when it wants to restart your computer – be it in the middle of rendering video, uploading or downloading a large file, or even in the middle of a competitive gaming session.

However, there are a few steps you can take to make living with Windows 10 more bearable and stop it from interrupting activities on your computer.

Unfortunately, these steps only work on Windows 10 Pro, Enterprise and Education editions.

Part 1: Local Group Policy

  1. Run the Local Group Policy Editor tool by typing “gpedit.msc” into the Run dialog box.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update
  3. The policies we are interested in are Configure Automatic Updates and No auto-restart with logged on users for scheduled automatic updates installations.
  4. Set both policies to Enabled, then for Configure Automatic Updates, configure the options as shown:
    2 – Notify for download and notify for install
  5. This should take care of preventing your computer from restarting automatically when it feels like it.

Part 2: Disabling the “Updates are available” nag screen

OK, so now you’ve got the automatic updates disabled. But you’ve been a bit lax with your updates and haven’t manually installed them in a while. So Windows 10 presents you with this:

Which is good, because you really should keep your computer up-to-date for both your own and others’ security online.

However, there are some cases where this screen can be incredibly annoying – on a digital signage box, on an HTPC, or on a gaming computer for example – since it interrupts whatever you are doing with an un-closeable prompt, much like adware.

The good news is that there is a way to disable it. It’s a bit less “official”, so it may not work for you, but so far so good for me.

From an elevated Command Prompt, run the following commands.

cd /d "%Windir%\System32"
takeown /F MusNotification.exe
icacls MusNotification.exe /deny Everyone:(X)
takeown /F MusNotificationUx.exe
icacls MusNotificationUx.exe /deny Everyone:(X)

Warning: I don’t advocate running commands without knowing what they do or trusting the source, and since you might not trust me, I’ll explain what the commands do.

First we Change Directory (cd) to the Windows system32 folder. Then, we take ownership of the file MusNotification.exe and deny Everyone (including the system itself) from eXecuting it. Then we repeat the process for MusNotificationUx.exe.

And that’s it!

Discs that can be used to configure AccurateRip on a new drive

By , 2016-12-17 16:11

Was just setting up EAC to use a new external Blu-Ray drive, and had some difficulty finding eligible key discs – discs that have only one pressing and are known to the AccurateRip database.

EAC needs 3 discs to correctly confirm the drive’s offset.

The discs I used were:

  • Hey Rosetta! – Seeds | Sonic Records 2 000018
  • Hey Ocean! – IS | Nettwerk 0 6700 30972 2 2
  • Taylor Swift – 1989 D.L.X (Deluxe) | Big Machine Records/Universal Music Canada BMRB0550E

Saving here for future reference to avoid me having to go through a pile of CDs next time I need to calibrate EAC for a new drive.

My convoluted Subsonic server setup

By , 2016-05-15 21:23

Since ending my colo server plan, my Subsonic server hasn’t been running. I used to just have all my media synced to the Proxmox server I had in colo, then bind-mounted that folder to the OpenVZ container that was running Subsonic.

I’ve now moved my Proxmox/Subsonic server to a little Zotac ZBOX on my LAN that only has one local disk so I figured I wouldn’t sync all my music over locally when it could just directly access it from my new FreeNAS box. Turns out this is a little bit more complex than I thought – here are the steps I did to get it working:

  1. Get all music onto the FreeNAS box. For this I’m still using BTsync. One client is on my Mac, sharing my iTunes library, the other is in a FreeNAS jail.
  2. Install Subsonic in an LXC container on the Proxmox server.
  3. Create an NFS export on the FreeNAS server and mount it as storage on Proxmox. I just used the “Add storage” option in the Proxmox Web UI rather than adding it to fstab, because I was lazy.
  4. Configure the LXC bind mount. Essentially, in /etc/pve/104.conf :
     mp1: /mnt/pve/freenas,mp=/mnt/freenas
  5. Set up Subsonic to scan the /mnt/freenas/music folder.
  6. Realize that Subsonic has issues with non-ASCII characters in filenames. Fix it by adding “export LANG=en_CA.UTF-8” to the subsonic.sh start script.
  7. Realize that Subsonic has no access to write to the NFS share, since the GIDs on the FreeNAS box and the Subsonic container don’t match. I use GID 500 = users as my main group on FreeNAS, so I created a group freenasusers with GID 500 in the Subsonic container and added the subsonic user to this group.

Probably missed some steps, but that’s the gist of it. I really need to get my blogging and documentation back on track.

How to get postfix to deliver root’s mail locally when using a smarthost

By , 2015-12-09 10:40

When setting up Postfix on Ubuntu/Debian as “Internet Site with smarthost” to use an external SMTP relay, automatic e-mails intended for “root” (such as cron job error reports) get sent out to the smarthost with a To: address of root@myhost.mydomain.com. This can cause a problem as the smarthost doesn’t know where to deliver these messages, since myhost.mydomain.com has no MX record.

The fix for this is (go figure) in the Postfix README:

Delivering some but not all accounts locally

A drawback of sending mail as “user@example.com” (instead of “user@hostname.example.com”) is that mail for “root” and other system accounts is also sent to the central mailhost. In order to deliver such accounts locally, you can set up virtual aliases as follows:

/etc/postfix/main.cf:
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
    root     root@localhost
    . . .

Translation:

Execute the command “postmap /etc/postfix/virtual” after editing the file.

Oddly, just adding the line

root: root@localhost

to /etc/aliases doesn’t work. You really need to do the steps outlined in the manual.

The magical feeling of being a sysadmin

By , 2015-04-07 21:18

It’s really cool what we can do with computers these days. I generally take technology for granted, but sometimes I am just in awe of what is possible.

 

With the ubiquity of the Internet
It’s all too easy to forget
How amazing it is, that with relative ease –
Just a few strokes of the keys
A sysadmin can ssh to a box running Unix
On the other side of the world, or just across town.
And with just a few clicks
Bounce that Windows box that’s gone down.

Image credit: https://www.flickr.com/photos/stars6/4381851322/

Written for OPS235 Course – Exam Preparedness

By , 2015-03-29 23:40


I feel ready for the OPS235 exam. There are a few areas I need to brush up on, but overall I feel I have a grasp of most of the course content.

Strengths

  • CentOS installation
  • KVM administration via GUI
  • Package/software installation and updates
  • tar and file archiving/management
  • fstab and partition management

Weaknesses

  • Knowledge of specific commands and arguments/switches (rely on man pages)
    • iptables syntax
    • lvm commands
  • CentOS/RedHat-specific commands and conventions (used to Debian/Ubuntu)
  • SELinux
  • Memorization of .conf file structures

Exam review topics

  • KVM network configuration
  • User and group management

Written for OPS235 Course – Software and Installation Process

By , 2015-03-29 23:30

Software installed

Apache

Apache is an open-source web server software maintained by the Apache Software Foundation and the open-source community. It can be extended using modules, and is well-documented and well-supported. It is usually the de-facto standard Web server on Linux, although lately new and customized Web servers such as nginx have been becoming more popular for dynamic, high-traffic sites.

PHP

PHP is a server-side scripting language mainly used for web development. By writing PHP rather than plain HTML, developers are able to create pages that are dynamically generated by the server on the fly depending on parameters provided. The Zend PHP interpreter is open-source software, and is available as a module for multiple Web servers on Linux, Windows, BSD and other OSes.

MySQL

MySQL is an open source relational database management system (RDBMS). It is open-source software, released under the GPL and sponsored by Oracle Corporation. The software is available at no cost, although there are also some paid versions. It has widespread use in Web applications, such as WordPress and MediaWiki, and is also used by large sites such as Facebook and YouTube.

LAMP stack

Together, CentOS (Linux), Apache, MySQL and PHP form an implementation of a LAMP stack. This stack provides a consistent, portable environment for Web developers.

WordPress

WordPress is an open-source blogging platform and CMS. It is written in PHP, and uses a MySQL database for text content storage and metadata. It provides an easy-to-use user interface, and is highly extensible and customizable with a large number of user-creatable themes and plugins. WordPress powers some prominent sites such as Forbes.com, vogue.com and nationalpost.com.

Problems encountered during installation

  • The systemctl command was not available, since this install of CentOS is using upstart rather than systemd.
  • There was no default index page created during the install of httpd. As a result, accessing HTTP on the Centos3 VM server gave an HTTP error 403 (Access denied) – the default Apache configuration denies directory listings.
  • The c6host machine was not able to access the HTTP service on centos3 because its iptables was not configured to allow inbound traffic on port 80.
  • When configuring iptables on centos3, running iptables -A INPUT -p tcp --dport 80 -j ACCEPT was not sufficient.
    • The -A option appends the rule to the end of the INPUT chain; however, there was a pre-existing explicit rule rejecting all packets.
       REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    • To move the new rule above the reject rule, the incorrect rule had to be removed by running iptables -D INPUT -p tcp --dport 80 -j ACCEPT
    • Then, find the line numbers by running iptables -L --line-numbers
       Chain INPUT (policy ACCEPT)
       num  target     prot opt source               destination
       1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
       3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
       4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
       5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    • Use iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT to insert the new rule above the existing rule 5.
    • Running iptables -L --line-numbers again gives the following output:
      Chain INPUT (policy ACCEPT)
      num  target     prot opt source               destination
      1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
      3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
      4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
      5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
      6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
  • The contents of the WordPress .tar.gz file were extracted to /root/wordpress. Moving this directory to /var/www/html resulted in the Apache process not being able to read the wordpress subdirectory. Copying (cp -R) avoids this issue.
  • When configuring the WordPress connection to MySQL, the WordPress documentation said to run the query
    mysql> GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername"@"hostname"
        -> IDENTIFIED BY "password";

    to allow access to the database. However, since the MySQL server and Apache/WordPress are installed on the same host, we need to use “localhost” rather than “centos3” for the hostname.
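
The iptables rule-ordering problem described in the list above, as an added example that is not part of the original post: the script reads a constructed listing of the INPUT chain as it looked right after the -A command and reports whether an ACCEPT rule sits below the catch-all REJECT. The function names and SAMPLE_RULES are made up for this illustration.

```sh
#!/bin/sh
# Added example: detect an ACCEPT rule that sits below a catch-all REJECT/DROP.
# Constructed sample: the INPUT chain as `iptables -L INPUT -n --line-numbers`
# would list it right after the port-80 rule was appended with -A.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80'

# Number of the first rule that rejects or drops every protocol from anywhere.
# Only rule positions are compared: -L without -v hides interface matches.
first_block_rule() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; exit }'
}

# Number of the first ACCEPT rule for TCP destination port $2.
accept_rule_for_port() {
    printf '%s\n' "$1" | awk -v want="dpt:$2" '
        $1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $3 == "tcp" {
            for (i = 7; i <= NF; i++) if ($i == want) { print $1; exit }
        }'
}

# Prints "missing", "shadowed" (below the catch-all, never reached) or "reachable".
port_status() {
    block=$(first_block_rule "$1")
    accept=$(accept_rule_for_port "$1" "$2")
    if [ -z "$accept" ]; then echo missing
    elif [ -n "$block" ] && [ "$accept" -gt "$block" ]; then echo shadowed
    else echo reachable
    fi
}

# Prints the insert command that places the rule directly above the catch-all.
suggest_insert() {
    block=$(first_block_rule "$1")
    [ -n "$block" ] || return 1
    echo "iptables -I INPUT $block -p tcp --dport $2 -j ACCEPT"
}

for port in 22 80; do
    echo "port $port: $(port_status "$SAMPLE_RULES" "$port")"
done
suggest_insert "$SAMPLE_RULES" 80
```

Against a live chain, pass "$(iptables -L INPUT -n --line-numbers)" in place of the sample, and remove the shadowed copy with iptables -D before inserting, as in the steps above.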

Trick PHP into thinking SSL/HTTPS is on

By , 2014-10-15 08:53

Not sure of the implications of this/best practices, but I just added

$_SERVER['HTTPS'] = 'on';

to my index.php.

Reason for this is that I am running a php app behind a reverse proxy, with the connection between the app server and the reverse proxy being plain HTTP, but the connection between the client and the reverse proxy is HTTPS.



Enabling DVD playback on Ubuntu 14.04

By , 2014-08-02 21:37

I don’t really play DVDs on my PCs much anymore, but my brother gave me the full boxed set of Freaks and Geeks (great show, cancelled too soon). Running on a fresh install of Ubuntu 14.04, I popped in the DVD and was prompted by “Video Player” aka Totem to install some additional codecs. I obliged, but after the installation, the DVD still wouldn’t play. It turns out that because of legal issues, the libdvdcss2 library is no longer included in the Ubuntu repositories. However, the libdvdread4 package does provide a script to easily install it.

Once you have libdvdread4 installed, run the following script:

$ sudo /usr/share/doc/libdvdread4/install-css.sh

Restart your video player and enjoy your DVD.


uptime

By , 2014-07-31 15:32

I noticed that my workstation has been up essentially since I made my last blog post.
129 days and counting.

 $ uptime
 15:22:40 up 129 days,  2:41,  5 users,  load average: 1.88, 1.91, 1.93

This system also hasn’t been re-installed since November 2012. The initial install was done using the Ubuntu 12.10 “Quantal Quetzal” CD on November 20, 2012. I’ve since upgraded to every interim release – 13.04, 13.10 and now 14.04, and used a host of different desktop environments and window managers (currently using i3). The PC actually hasn’t been rebooted since installing 14.04; I only restarted X.

matt@work:/var/log/installer$ ls -l
total 1532
-rw------- 1 root   root   1303 Nov 20  2012 casper.log
-rw------- 1 root   root   3856 Nov 20  2012 debug
-rw-r--r-- 1 root   root 420116 Nov 20  2012 initial-status.gz
-rw-r--r-- 1 root   root     59 Nov 20  2012 media-info
-rw------- 1 root   root 747016 Nov 20  2012 partman
-rw------- 1 syslog adm  377562 Nov 20  2012 syslog
-rw------- 1 root   root     17 Nov 20  2012 version
matt@work:/var/log/installer$ sudo cat media-info 
Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
matt@work:/var/log/installer$