Jump to content
xisto Community

taplinb

Members
  • Content Count

    8
  • Joined

  • Last visited

  1. This is partly fun, partly to record how I got around an annoying restriction with a particular piece of software we use to control door locks. This software must run on DOS 6.22, not Windows 98 command line, not in a DOS window, but native DOS. Very particular. I had been installing DOS 6.22 onto a spare laptop, loading the software and then our data, running the program, backing up the data, wiping the laptop's drive, and restoring our standard Win2K setup via ghost. That worked, but it killed a couple of hours every time I had to run that program, and I wasn't inclined to just dedicate a laptop to this one thing. It should be a laptop because it must run in close proximity to the door lock being reprogrammed. So here's what I did instead: 1. Installed the software as described, made sure it works and has a current data set. 2. Loaded DOS drivers for the CDROM and a RAM drive. Then the program failed to load. 3. Ran DOS 6.22 memmaker to optimize the memory a bit. This took a couple of tries. 4. Cleaned up autoexec.bat and config.sys so the memmaker settings would mostly be retained but not address-specific refs, since addressing might change as I... 5. Added some conditional branching to config.sys and autoexec.bat (see below), and made copies (replacing C: with A:) 6. Created a DOS 6.22 bootable floppy and copied these tweaked autoexec.bat and config.sys files plus critical DOS stuff and the CDROM driver to the floppy, and then tested to see that the drivers would load. 7. When satisfied that the floppy worked as needed and left enough memory to run the DOS program, copied its contents to a backup on the network along with all the lock program's data to another dir. Copying the program took some doing because DOS didn't include network stuff. I actually ended up using DOS interlnk/intersvr to copy to another box with a FAT16 partition (boot from floppy) and then using Windows to copy from that FAT16 partition out to the network. 8. From that network backup, copied the program (with included baseline data) to a local drive on a PC with CD writer. 9. Used my custom DOS 6.22 boot floppy with Nero 6 to start building a bootable CDROM. This CD boots as a virtual A: drive, sees the real A: as B:, and with the DOS drivers loads its own CD and RAM drives as C: and D: (when asked). 10. Burned all the program's data plus a batch file to automate some steps onto the non-floppy-emulating part of the CD (the majority of the CD). Remember that the goal here was to not have to rebuild the dang laptops. This way I can load DOS 6.22 and a baseline of the program plus data from CD, copy the program into the writeable RAM drive, load updated data from B: (the real floppy) to the RAM drive, run the program, save changes back to B:, remove the CDROM, and be done. The laptop's hard drive never gets touched, and this makes any standard PC or laptop instantly available as a fallback. As long as the data backup is preserved along with the bootable CD (or image thereof), this should work until the death of standard x86 PCs. It was a trip down memory lane, having left DOS behind (I thought) half a decade ago. Here are the floppy's boot files. The actual CDROM driver is not CDROM.SYS. Use whatever DOS CD driver works for you: Notice from snlildude87: Brad, even if you wrote this on another site (maybe yours), you still have to quote it. It's the rules. Please do this next time, or I will have to reduce your credits. Thanks. (If your name is not Brad, then ignore the first word)
  2. Mostly for entertainment and to see whether Robert Szeleney (one-man shop) has made much progress on it, I downloaded and installed SkyOS 5 beta 8.5 on my mainbasement x86, an eMachines T2958 with add-in NVidia. I had tried 8.4 but had some issues. Fewer issues in 8.5. This is way-alternative, far left (or right, rather) of Linux.For an early beta it's pretty slick. Looks and works a bit like BeOS, but more current and with a custom GUI dev system (SkyGI) that beats the heck out of X, IMHO. Skyrecognized most of my hardware without trouble except no sound. The partioner works, grub works (edit defaults), I could tweak settings and add users with varying rights.This beta includes Bash, Blender, GIMP, Gaim, SkyVNC, Apache, Python, GCC 3.4, Mono stuff, Bochs, AbiWord, SkyPad, some games, benchmarking and sysadmintools. Most of what the home OS hacker would need to make sense of the system and maybe contribute code. Apps, that is. The OS is RZ's, but he wants others tohelp with apps, drivers, whatever, as some have done.SkyOS is not free, not open-source, and hardly mature, but I'm impressed that RS not only got this monster to dance (a la Young Frankenstein, needs some work) butthat he built it nearly from scratch, using GCC of course. If he keeps improving this, it might be worth advocating.Meantime, it's a toy. GCC plus GTK with a custom IDE and the SkyOS API are the main attractions for a few hundred hackers of various skill levels registered asbeta testers. Native SkyGI apps, of which there are a few toys, work great. Ported apps like Firefox, Abiword, and the T-bird I'm using to write this, work mostly, butare very slow compared to running the same apps on identical hardware in XP or SuSE 9.3 (as I have done).Meantime, I recommend OpenSuSE or FreeBSD to anyone who seems to want to tinker beyond Windows. Those operating systems are mature and reliable.
  3. Here's a quick summary of how one can configure OS X for use in public labs running Panther (10.3). It should also work with Tiger (10.4) but I dunno. There may be better ways, but this is quick and cheap:1. Install OS X fresh, or boot up your new Mac, and set the username to MacAdmin or the like. This is now the administrator account which users should never touch. Share this password only with trusted admins authorized to muck with critical systems.2. Install all the software you expect anyone to need in the default folders (usually Applications). Do not customize things too much. Keep it simple.3. In Apple -> System Preferences, set your prefs for Desktop, Dock, Screen Effects, etc. Do not enable anything under Sharing, and tweak network stuff as needed for your LAN or WAN including DNS.4. In System Preferences -> Accounts, make two new accounts: macuser and template. Set and record the accounts' passwords and share them only with qualified admins and junior admins. With macuser highlighted, click Set Auto Login, then Capabilities.5. In Capabilities, uncheck Remove Items from Dock, Open all System Preferences, and Change Password. You can also restrict which Applications run, but I don't see much harm in leaving that restriction off. Your call. Some disable games or delete them.6. Quit System preferences, logout, then login as the user "template". While in as template, set things exactly as you would want for the users. Be sure to test each application and define settings like default web page (in Safari and Internet Explorer).7. Logout, login again as MacAdmin. User the Print Center under Applications -> Utilities to configure any printers you might have. I favor direct TCP/IP printing, but some of you might still use Appletalk.8. Use the NetInfo Manager app, also in Utilities, to open up Security by first authenticating and then enabling the root account. Don't do this unless you have some understanding of UNIX administration or are willing to be very careful. It's brain surgery.10. Once root is enabled, open Utilities -> Terminal and "su" to become root. This makes you god of the system until you "exit" or quit Terminal.11. As root, and only if you are familiar with basic UNIX admin (much like on Linux or FreeBSD), copy /etc/rc to /etc/rc.backup, then edit /etc/rc with vi. At the bottom of the file, just above the exit line, add this: /etc/macuserfix.sh12. Save changes to /etc/rc, then use vi to create file /etc/macuserfix.sh which should include the text below (minus the leading spaces on each line): #!/bin/sh if [ ! -d /user/template ] then rm -r /users/macuser/.* > /dev/null 2>&1 rm -r /users/macuser/* cp -Rp /users/template/.CFU* /users/macuser > /dev/null 2>&1 cp -Rp /users/template/* /users/macuser > /dev/null 2>&1 chown -R macuser /users/macuser/ fi13. This little shell script is case-sensitive and must be done almost exactly as shown. Double-check. When confident, chmod +x /etc/macuserfix.sh.14. Now cd /users and make sure each account owns its own directory. You can do so with: chown [account] [account], e.g. chown macuser macuser.15. Exit, exit, unauthenticate, quit NetInfo Manager, then restart the Mac. After the restart, the Mac should log itself in as macuser with the settings you defined in step 7 above as template.16. If this was done right and works as expected, the user can only change a few things, and every reboot the Mac will set itself back to normal.There may be holes in this approach, and you may have to occasionally empty the Shared directory manually or via a shell script (could be automated to happen weekly), but for the most part the Mac should take care of itself.When you need to make changes, make big changes as MacAdmin and then set the user experience in the template account. Changes are automatically copied to macuser. Don't bothrr customizing macuser itself, as those settings are wiped and recreated every boot.
  4. Among my other duties, I help run a small computing lab for med students at the U of MN. Recently I learned that though we only have about twenty legitimate DHCP clients on our wired ethernet getting addresses from our Mac OS X 10.3 Server (great system), thirty allocated DHCP addresses were being used. Huh?I found that some addresses went to testing, which I understand, but others were being grabbed by PCs that should have static IPs but were misconfigured and/or by outsiders who unplugged our PCs to network personal laptops (a no-no). We don't watch our PCs all the time and can't trust after-hours visitors to behave, so....First I made a list of the MAC addresses for every PC or Mac I knew should have DHCP. These 12-character addresses are globally unique. In OS X find it under System -> Network -> Ethernet (I think). On Win2k/XP Start -> Run cmd and enter "ipconfig /all" to find the MAC addresses and more. Warning: some PCs, Macs, and laptops have more than one address. Be sure to record the wired one.Then I logged onto our OS X Server as Administrator and lanuched the Server Administration app. After waiting a bit for it to recognize all services, including the Netboot service I had disabled (and may discuss elsewhere), I double-checked the DHCP status but then expanded Netboot -> Settings.It's a little counterintuitive to find DHCP restrictions under something other than DHCP, but that's where it is. I selected to Exclude all but the listed addresses, then proceeded to enter every MAC addresses I had recorded as being from a legitimate DHCP client PC or Mac. The format is AA:AA:AA:AA:AA:AA. The data entry is a little awkward and time-consuming, but you only need to do it once per new device.After entering all that, I played it "safe" and properly restarted the whole OS X Server (when nobody was depending on it) to make sure all services worked.We also sometimes use Netboot to deploy OS X configs centrally, but that's a more complex topic and would consume too many words.
  5. Amanda is a free soureforge tape backup system with some advanced features. The following crontab, owned by user amanda under which account our Amanda tape backup software runs (atop FreeBSD), defines two period tape backup processes.The amcheck lines tell UNIX to run an amanda check with a particular parameter on each of two back tape sets at 3:00 pm (0 15). If a tape isn't ready, Amanda sends a warning to "root" which we in turn tell FreeBSD is me, so I then get an email kicking me to swap tapes.The amdump lines automate execution of 11:45 pm backups, for SetA every Monday, Wednesday, and Friday and for SetB every Tuesday and Thursday. Because our tape capacity of about 100GB is inadeqate to backup all our servers, we split the jobs in this manner. When there's money, maybe next year, I hope to replace our SDLT drive - which otherwise works fine - with a larger backup drive, maybe LTO.See separate post for a bit on how we configure a particular backup set.--- example ---$ crontab -l0 15 * * 1,3,5 /usr/local/sbin/amcheck -m SetA45 23 * * 1,3,5 /usr/local/sbin/amdump SetAd && mt -f /dev/sa0 offline0 15 * * 2,4 /usr/local/sbin/amcheck -m SetB45 23 * * 2,4 /usr/local/sbin/amdump SetB && mt -f /dev/sa0 offline
  6. Amanda is a free sourceforge project for sysadmins running UNIX/Linux/BSD (typically on servers) who don't want to pay a gazillion dollars to buy canned tape backup software. Amanda is not easy, but it is reliable, catalogs backups, and can backup multiple servers over a network to one tape drive according to a schedule.Here's how I might initiate a fresh set of tapes. Assume that Amanda has been installed to /usr/local/etc/amanda by me/you, that SetA is the name of the tape set you want to use (maybe a dozen DLTs), and that we'll start fresh and not worry about old catalogs or tape contents.This should be self-explanatory to anyone who has run UNIX servers with Samba 3. We keep all our users' Samba contents under directory /Staff.1. "su - amanda" to do everything as amanda2. List directory /staff [what I want to backup] in /usr/local/etc/amanda/SetA/disklist [in this config dir this lists what to backup]3. Edit /usr/local/etc/amanda/SetA/amanda.conf to name tapes SetA-[A-Z] per the man pages4. Rename /usr/local/etc/amanda/SetA/tapelist to /usr/local/etc/amanda/SetA/tapelist.old[date] to clear the current list of backup tapes5. Use "amlabel SetA SETA-[A-Z]" to relabel the set of tapes in sequence. Update the physical and electronic labels concurrently6. Use "crontab -e" to replace Home with Staff in the latter two lines of amanda's cron jobsAs with most UNIX sourceforge packages, spend considerable time reading and coming to understand the man pages before attempting to install or tweak this package. We run it atop FreeBSD 5.2.1 without problems on a Dell PowerEdge 2500 Server. It periodically backups up over 100GB of Samba-hosted files for our 50+ users. Aside from occasional tweaks, all we have to do is swap tapes daily, taking a recent tape offsite once a week in case the place burns down. < 5% of my time.
  7. Like many techs I've been chewing on ways to reduce the time it takes to maintain a big collection of "public" computers with common configs. We already use Ghost, which is wonderful, but there are opportunities for improvement, so...Some things to try:1. Basic Windows precautions help - XPsp2 Firewall, default acct has only User rights, not Power/Admin, etc. You can freeze a config (make it fix itself daily) using Reborn cards from news.asp or the like. Software solutions like DeepFreeze from Faronics are another popular way to "lock down" public PCs.2. Use OS X with (a.) Virtual PC 7 for any apps that just have to be Windows, (b.) one generic local account, whose home dir is rebuilt each boot, and (c.) OS X Server with NetBoot for fast deployment. If you can afford Apple, OS X is very secure and reliable "out of the box", meaning less tweaking.3. Thin clients from /us/en/UnsupportedBrowserErrorView?catalogId=10001&langId=-1&storeId=10151 or the like. The server will cost a bit in cash and (unless you try the Linux Terminal Server Project) cash, but client setups are instant. This can save a bundle over some years and cut security issues.
  8. I learned last year that if Symantec AV 7.6 or 9 is left at its defaults on Win2K then access in Windows Exploder to a Samba or Win2K share can be slower, especially if the dir is big.When I open SAV's Configure -> File System AutoProtect (or Real-time) -> Advanced, and change it from scanning files that are opened, moved, copied, run, or created (the default) to just scanning files that are modified/created, file access performance jumps in a big way.The registry hack below disabled the checkbox automatically for our default, unmanaged Windows 2000 configs with Norton AV 6 (Unmanaged, Defaults).Of course always test registry hacks in a non-production environment. I have not tested atop XP nor with SAV9.-Brad----- Win2K hack: nav76expldrfix.reg ---Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan]"Reads"=dword:00000000"DenyAccess"=dword:00000002"Execs"=dword:00000001
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.