Lost Entropy

Aaron B. Russell's personal blog

Archive for January, 2009

Windows 7 beta: first impressions

A while ago, I received an email from Microsoft inviting me to collect a copy of the Windows 7 beta, so I fired up Safari on my MacBook Pro… to see the website get stuck. Not a good start!

Switching to Firefox soon solved things, and after I’d signed into Microsoft.com with my Windows Live ID, I was given a CD key (hint: keep pressing refresh on that page and you’ll get more…) and shortly afterwards I was presented with a Java applet download manager (though there was no readily available explanation as to why this was necessary).

After a pretty speedy transfer of the 2GB ISO image, I fired up VMware Fusion, created a Vista VM, and set the installer running. It was done in under 30 mins, a massive improvement over Vista’s tortuous install procedure and even shaving time off XP’s install process. The boot process post-install, I might add, is also WAY faster than Vista, and about as fast as a clean XP install… though I’d imagine that’d slow down over time, as per most Windows installs.

Once the install was done I made a snapshot in VMware in case I broke things (which I indeed did).

Next up: VMware Tools. There aren’t any in VMware Fusion for Windows 7 yet, so I tried the Vista version, as I’d set the VM up as a Vista VM. Installing the tools was a relatively easy, but pointless, move. Weird visual glitches on boot, and no real performance gain, so I reverted back to the snapshot.

My main interest with Windows 7 is by far Windows Media Center. It’s about all I really use Windows for at home, these days (except the odd Windows-only app, or the odd bit of Windows compatibility testing). So, I plugged in one of my USB DVB-T receivers (a Terratec Cinergy T2). It made the “new hardware” bleep-bloop noise… and then bluescreened. Damn. It automatically rebooted, and when it came back, things got a bit weird. When I tried to set up Windows Media Center, the “analyzing your TV device” stage took over an hour. I eventually gave up, and unplugged the USB cable, and it all snapped back into life. I tried repeating this a few times, but it seems that this device just doesn’t work with Windows 7 yet. It took months to get stable Vista drivers for it, so I’d imagine I’m in for a long wait for this to get stable, unless it’s due to VMware being thrown into the mix as well. I’ll try it on real hardware soon.

I tried my other DVB-T receiver, a Hauppauge WinTV HVR-900H. This didn’t bluescreen, though I did have to go and download the drivers from Hauppauge’s site myself. Once I’d gotten it installed it scanned for channels, found them (including the MHEG-only channels, looks like MHEG support from the OEM-only TV Pack update for Vista Media Center is included as standard), but when I went to watch, it refused to play video, complaining about missing files. I must add at this point that this probably isn’t a Windows Media Center issue, but more likely a VMware issue — Windows Media Center does throw the “your graphics card isn’t good enough” warning when you start it up, but I was ignoring this hoping it’d let me watch TV anyway. VMware’s Vista tools didn’t fix this either.

So, I guess the next real test as far as I’m concerned is to try this on some real hardware, rather than a VMware Fusion virtual machine. When I do, I’ll post about it here, of course.

  • iPhone 3G deactivates/reactivates?

    That was a bit odd. My iPhone 3G started acting a bit weird so I turned it off. I turned it back on, and it took what seemed like forever to start back up.

    When it eventually did come back, it was deactivated! It had the connect-to-itunes image (not text like the image above) at the top of the screen, no service name in the top-left corner, a “slide for emergency” thing at the bottom and an info button which showed the ICC ID and IMEI.

    In a bit of a panic I turned it off and on again.

    It took another eternity to start back up.

    And then it booted normally, with the “iPhone is activated” message. Is my iPhone dying, or is it just time for a factory restore in iTunes?

  • If you’re running a Linux, Mac OS X or Unix server of any description, SSH is an invaluable tool when it comes to taking control of the machine while you’re not in front of it.

    In the world of web hosting, it also brings with it SFTP, a fantastic alternative to the very insecure FTP. Except it has one major flaw: by default on Ubuntu (and most Linux distros), one user can see all of another user’s files just by dropping up a directory to /home. Not exactly ideal if you’re providing a shared-hosting service.

    So what we want is a chrooted version of SFTP. But this would also chroot SSH too, making it unusable for system administration. So we need to lock down SFTP only, but let SSH run free. We also want to be able to make some users SFTP-only (web hosting customers), and some users SFTP and SSH capable.

    Luckily someone known as “The Minstrel” came up with a pretty good solution to this. Back in November 2007, Mads Madsen also created a guide to this process for Debian/Ubuntu 7.04. This has been my favourite solution for some time now. The OpenSSH project has since created a version of this idea internally, but annoyingly it’s got a major flaw: wherever you want to chroot the users to must be owned by root. In other words, users will not be able to create any files in the top level of their chroot jail.

    Imagine that you have your users’ data stored in /home/username. You can’t chroot them to /home/username unless you create a directory inside there, and then let them own that. That gives them an ugly chrooted writable path like /htdocs (or whatever you choose to call it), and a / folder they can’t edit. The other option is to chroot them to /home, and let them own their homedir as normal, but then they can see every other user’s files. Again, not ideal.

    So I stuck with The Minstrel’s version, but got tired of having to recompile and rebuild all this every time I wanted it on a new machine. Some people would have probably avoided this (actually quite good) solution altogether because it’s a bit too in-depth. Well, it just got a bunch easier, because I created all the bits needed and am publishing them here for you to use.

    Disclaimer: I make no promises that this won’t electrocute your cat, sleep with your girlfriend, make fun of your children, etc. In fact I make no promises about this at all. That said, for me, this has worked very well several times since Ubuntu 8.10’s release, on a whole variety of machines, and I’ve had no problems with it.

    So from your Ubuntu machine, fire up a terminal (or SSH in, if you’re not sat in front of it) and paste this in:

    wget http://unadopted.co.uk/openssh/openssh-server_5.1p1-3ubuntu1_i386.deb
    sudo dpkg -i openssh-server_5.1p1-3ubuntu1_i386.deb
    sudo aptitude hold openssh-server

    This will download the modified package, install it, and tell Ubuntu not to replace it with any of Ubuntu’s new versions. Now bear in mind that you won’t get automatic security updates on OpenSSH anymore — you’ll need a new version of this package when OpenSSH 5.2 comes out, but when that comes out, it’ll be a pretty simple copy/paste job to upgrade, just like that was. The Minstrel notes that it’s worth signing up to the openssh-unix-announce mailing list to find out when this is necessary.

    Now if this is the first time you’re doing this we need to do a couple extra steps (though you won’t need to do this if you’re just updating):

    wget http://unadopted.co.uk/openssh/sftpsh
    sudo cp sftpsh /bin/sftpsh
    sudo chown root:root /bin/sftpsh
    sudo chmod 755 /bin/sftpsh
    # the redirect has to run as root too, so append via sudo tee rather than sudo echo >>
    echo "/bin/sftpsh" | sudo tee -a /etc/shells

    This will download and install a special shell which you’ll need to set up as the login shell for the user accounts for whoever you want to lock down. This will kick them straight out if they try and SSH in, but will still let SFTP work. We also need to tell the system which directory to lock them into by adding a special tag into their home folder definition. Which all sounds a bit more complicated than it really is (it’s just one line to copy and paste).

    So, let’s say our web user is called “mywebsite-sftp”. We’d just do this, if we wanted to lock them to their home directory:

    sudo usermod -s /bin/sftpsh -d /home/mywebsite-sftp/./ mywebsite-sftp

    Simple, right? The Minstrel has built up a pretty good set of FAQs in case you run into any problems.

    If you ever change your mind, and want to go back to Ubuntu’s default OpenSSH server and undo all these changes, that’s dead simple too, just copy and paste this in (go-go-gadget uninstaller!):

    sudo rm /bin/sftpsh
    sudo aptitude remove openssh-server
    sudo aptitude install openssh-server 

    Warning: If you’re SSH’d in, don’t disconnect between the two aptitude commands, or you won’t have an SSH server to reconnect to (but it will stay alive until you disconnect). Also, remember that the sftpsh shell won’t exist anymore, so you’ll need to change any users back to a different shell using usermod.
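
An added example, not part of the original post or of The Minstrel's patch: a shell audit over passwd-format data that checks the two settings the steps above rely on, the /bin/sftpsh login shell and the /./ tag in the home directory field. The sample accounts other than mywebsite-sftp are constructed, and the OK/NOJAIL/SHELL labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the post): audit passwd-format data for the
# SFTP-only setup. Assumes the shell path /bin/sftpsh and the "/./" home
# tag exactly as the post uses them; the finding labels are made up here.
SFTP_SHELL="/bin/sftpsh"

# Constructed sample accounts; only mywebsite-sftp appears in the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Admin:/home/admin:/bin/bash
mywebsite-sftp:x:1001:1001::/home/mywebsite-sftp/./:/bin/sftpsh
shop-sftp:x:1002:1002::/home/shop-sftp:/bin/sftpsh
blog-sftp:x:1003:1003::/home/blog-sftp/./:/bin/bash
EOF
}

# Reads passwd lines on stdin and prints one line per relevant account:
#   OK user jail      sftpsh shell and tagged home (jail = path before the tag)
#   NOJAIL user home  sftpsh shell but no "/./" tag, so no lock-in directory set
#   SHELL user shell  tagged home but another shell, so sftpsh never rejects SSH
audit_sftp_users() {
    awk -F: -v want="$SFTP_SHELL" '
        /^#/ || NF < 7 { next }
        {
            tag = index($6, "/./")
            if ($7 == want && tag > 0) print "OK", $1, substr($6, 1, tag - 1)
            else if ($7 == want)       print "NOJAIL", $1, $6
            else if (tag > 0)          print "SHELL", $1, $7
        }'
}

# Number of accounts that need attention (anything not reported as OK).
count_findings() {
    audit_sftp_users | awk '$1 != "OK" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host: audit_sftp_users < /etc/passwd
sample_passwd | audit_sftp_users
```

After the uninstall steps, every OK or NOJAIL line is an account still pointing at the removed shell and needs the usermod change mentioned above.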

    Okay, so that’s that over with. Tell your friends, post it on Facebook, link to this in forum posts, Digg it, link to this from the Ubuntu Wiki, do whatever you feel you must do to share this with the world. :)

  • LiveJournal cuts staff, more internal restructuring

    “As has been reported, we had staff cuts at LiveJournal Inc. this week. Early media reports seriously exaggerated the impact of the decision on the continued existence of LiveJournal as a company and misrepresented the scope of the staff cuts. The cuts were part of a restructuring that shifted global design and product development to the LiveJournal office in Moscow.”
    – Press release in LiveJournal’s news community

    This just reinforces to me that I made the correct decision by leaving, and slurping my data out. LiveJournal is dying slowly. The community aspect has completely gone. The company-user relations are now done by an anonymous user called “theljstaff”, as opposed to real people. It’s becoming about as much of a community as being a customer of BT — they’re turning into a service provider rather than a community.

    Dumping LiveJournal and switching to WordPress was possibly one of the best decisions I’ve made regarding my journal/blog. Just as joining LiveJournal back in 2000 was one of the best decisions. This offer still stands if you want help leaving.

    Related:
    The post where I decided to leave LiveJournal, including my reasons why
