Operating Systems

EnvPane - An OS X preference pane for environment variables

Submitted by Hannes Schmidt on Thu, 01/03/2013 - 00:52.

EnvPane is a preference pane for Mac OS X (10.8 or newer) that lets you set environment variables for all applications, both GUI and terminal. Not only does it restore support for ~/.MacOSX/environment.plist (see Background), it also publishes your changes to the environment immediately, without the need to log out and back in. This works for changes made by manually editing ~/.MacOSX/environment.plist as well via the preference pane UI.

EnvPane was tested on OS X 10.09 “Mavericks”, OS X 10.11 “El Capitan” and macOS Sierra (10.12). It should also work on 10.10 “Yosemite”. Apple reimplemented launchd in 10.10 and in the course of doing so deprecated the APIs used by EnvPane and even broke some of them. EnvPane v0.6 adds support for the new but undocumented APIs, addressing the deprecation and broken APIs.

( categories: Mac OS X )

Install Squid 3.2.x on Ubuntu 12.04 (Precise) LTS

Submitted by Hannes Schmidt on Thu, 01/24/2013 - 17:51.

This is how I upgraded the Squid package from 3.1.19 to 3.2.6 on my Ubuntu 12.04 installations. The 3.2.x branch contains support for multiple cores, so that's a pretty important update to have. 12.04 is an LTS release, so I'm really not sure why 3.2.6 hasn't been backported to it. Anyhow, here's how I did it:

Set up the dquilt shell alias as described in the Debian New Maintainer's Guide:

alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg"

Create ~/.quiltrc-dpkg containing

( categories: Unix | Administrator )

Lightweight and fast HTTP proxies

Submitted by Hannes Schmidt on Sat, 01/19/2013 - 17:24.

I recently evaluated several open-source HTTP proxy servers. I was looking for something lightweight and fast, without a persistent cache or with no cache at all.

( categories: Unix | Administrator )

Installing Mosh on Ubuntu Hardy

Submitted by Hannes Schmidt on Thu, 07/26/2012 - 23:24.

I recently had to get into the Mosh pit with my good old friend Hardy Heron aka Ubuntu 8.04 TLS.

wget --no-check-certificate https://github.com/keithw/mosh/zipball/mosh-1.2.2
mv mosh-1.2.2 mosh-1.2.2.zip
unzip mosh-1.2.2.zip
cd keithw-mosh-df955aa
sudo sed -i -r 's/#\s*(.*hardy-backports.*)/\1/' /etc/apt/sources.list
sudo apt-get update
sudo apt-get install build-essential autoconf automake libprotobuf-dev \
                     protobuf-compiler libncurses5-dev zlib1g-dev libio-pty-perl
protobuf_CFLAGS=" " protobuf_LIBS="-lprotobuf" ./configure --prefix="/usr"
sed -i s/LITE_RUNTIME/SPEED/ src/protobufs/*.proto
sudo make install

( categories: Unix | Administrator )

Debian/Ubuntu packages for Hudson CI

Submitted by Hannes Schmidt on Wed, 05/05/2010 - 10:19.

The awesome Hudson Continuous Integration project seems to be undergoing some organizational changes at the moment. Its leader, Kohsuke Kawaguchi has left Sun/Oracle and started up his own company revolving around professional services for Hudson, it seems. Let's hope this is not going to be one of those messy "open-source project going commercial" scenarios. Anyways, one of the more immediate problems caused by the changes is that the Debian package repository did not get any updates since late March. In a Hudson mailing list Kohsuke casually announced that he'd be pushing packages to this Hudson CI Debian and Ubuntu package repository but this fact isn't reflected on the official Hudson website yet which is why I am mentioning it here, putting all of my SEO weight behind the link ;-).

( categories: Unix )

Bind9 with DLZ and MySQL backend on Ubuntu Jaunty (9.04), Lucid (10.04) and Precise (12.04)

Submitted by Hannes Schmidt on Thu, 12/24/2009 - 15:48.

Update 06/27/2010: This workaround is still necessary for Lucid (10.04 LTS) and Precise (12.04 LTS). These instructions still work for those releases with minor adjustments (see the updates at the end of the article).

This forum post got me started but I got stuck in various places and thought I'd summarize what worked for me. I'm not going to explain much but if you're going to work with Bind and DLZ you probably know what you're dealing with. I also won't go into configuring DLZ because that depends on your particular DB schema and there is sufficient documentation on the DLZ website.

We need MySQL of course:

( categories: Unix )

Installing dbd-mysql for 64-bit binary installation of MySQL

Submitted by Hannes Schmidt on Sat, 06/20/2009 - 18:02.

The dbd-mysql gem assumes (?) an i386 architecture when building the native component of the driver. You'll need to set ARCHFLAGS appropriately and point the build at the installation of MySQL.

sudo env ARCHFLAGS="-arch x86_64" \
     gem install mysql -- \

That should fix it.

( categories: Mac OS X | Administrator )

Multiple Google Notifier instances for multiple accounts on Mac OS X

Submitted by Hannes Schmidt on Fri, 06/19/2009 - 12:29.

I use Google Notifier to have my Gmail account checked for new mail periodically and automatically. I have a secondary Gmail account that I don't use that often but that I would like to have notifier check as well. Unfortunately, Google Notifier currently supports a single Gmail account only. Here's a simple hack that works well for a few gmail accounts. In a nutshell, you need to clone the application package and modify the bundle id in the clone's Contents/Info.plist file.

  1. Copy the Google Notifier application from Applications to a temporary location.
( categories: Mac OS X | Geek )

Overriding DHCP- or VPN-assigned DNS servers in Mac OS X Leopard

Submitted by Hannes Schmidt on Sun, 05/03/2009 - 13:13.

I'll have to break sad news to you: /etc/resolv.conf has been made redundant in Mac OS X. The dig and nslookup utilities still read it but most applications use a different mechanism for picking DNS servers when resolving host names. They generally go through Darwin's resolver library which instead of reading /etc/resolv.conf looks up DNS servers via the SystemConfiguration framework backed by configd. Survival of the fittest, I guess, or, Darwin's intelligent design.

Ok, ok, I'll stop trying to be funny ... Anyways, this would be all swell if there wasn't the occasional need for manually specifying DNS servers. For me this need typically arises when I connect to a VPN managed by an operator from hell. After hours and hours of hard work (my fingertips still hurt from all the googling) I present to you a solution:

With the VPN connected, launch scutil with root privileges:

hannes-mbp:~ Sysop$ sudo scutil
List all network services with DNS configuration:
> list State:/Network/Service/[^/]+/DNS
  subKey [0] = State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
  subKey [1] = State:/Network/Service/F194302A-846C-4321-9325-6813DAE148F2/DNS
Pick one and show its contents.
> show State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  ServerAddresses : <array> {
    0 :
    1 :
  SupplementalMatchOrders : <array> {
    0 : 100000
Ahh, this is the one! So let's get rid of those pesky servers. Obtain a working copy of the DNS configuration entry. It's called ... drum roll ... well, obviously: "d" (rolls eyes).
> d.init
> get State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
> d.show
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  ServerAddresses : <array> {
    0 :
    1 :
  SupplementalMatchOrders : <array> {
    0 : 100000
Reset the ServerAddresses entry to an empty array:
> d.add ServerAddresses *
> d.show
<dictionary> {
  ServerAddresses : <array> {
  SupplementalMatchDomains : <array> {
    0 : 
  SupplementalMatchOrders : <array> {
    0 : 100000
Write the working copy back:
> set State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
Note, that the line
d.add ServerAddresses *
clears the ServerAddresses array, thereby removing all DNS-servers tied to that particular connection ("service" in Apple-talk). Without service-specific DNS servers, Mac OS will fall back to DNS servers from other network services. Not sure how exactly that works. If you want to specify particular DNS servers, use
d.add ServerAddresses *

By the way, the "*" signifies array values, so it's not some kind of wild card.

( categories: Mac OS X | Administrator )

Pimp Da Kitty

Submitted by Hannes Schmidt on Sat, 12/13/2008 - 00:46.

I have been converted. After having preferred Windows on the desktop for the past 15 years, after six generations of

Yet Another Way To Screw Up The Control Panel,

I felt the urge to try something else. Something that

Just Works.

Those fifteen years were an interesting ride but for some reason the pride and satisfaction of finding just the right combination of registry settings that would let me mount a Samba share had worn off. I want to spend my time on something creative. Defragmenting the registry, scanning regularly for malware, and trying to find anti-virus software that doesn't take five minutes to load is fun and all, but how about an operating system that doesn't need any of that? You guessed right, I have become a Mac user. Enough of the trivialities, in this article I would like to list a handful of very useful Mac OS X applications and utilities I couldn't live without anymore.

( categories: Mac OS X )

Increase Wireshark Font Size on Mac OS X

Submitted by Hannes Schmidt on Sun, 12/07/2008 - 18:58.

Wireshark has a preference setting for the font of the capture display but it won't let you change the main font used for other UI elements such as like menu, toolbar and dialog windows. The default for the main font is illegibly small on my Mac OS X Leopard system -- I used Macports to install Wireshark and its dependencies. To fix it you need to add the gtk-font-name setting to your .gtkrc-2.0 preference file:

echo 'gtk-font-name = "Sans 14"' >> ~/.gtkrc-2.0

This will affect all applications using the GTK 2.0 toolkit but I guess that's ok.

( categories: Mac OS X | Administrator | Geek )

"No DBD Authn configured!" with Apache, Digest Auth and DBD

Submitted by Hannes Schmidt on Sat, 02/02/2008 - 14:10.

I use mod_authn_dbd to check HTTP authentication credentials against a MySQL database. After switching from Basic to Digest authentication I got 500 errors and No DBD Authn configured! in the server's error log. It took me a while to realize that it wasn't enough to change

( categories: Unix | Web Servers | Administrator )

Sending DNS notify messages (update notifications) using Ruby

Submitted by Hannes Schmidt on Sun, 01/20/2008 - 15:49.

… is actually easy thanks to Dnsruby. The following code illustrates that:

( categories: Ruby | Unix | Web Servers | Windows )

Quickly enable/disable default gateway for VPN on Windows

Submitted by Hannes Schmidt on Thu, 01/10/2008 - 14:53.

Whether a VPN connection has the "Use default gateway on remote network" option enabled has big impact on how network traffic from your machine is routed.

( categories: Windows | Administrator | Dummy )

Windows Vista's DNS server priority issues in VPNs

Submitted by Hannes Schmidt on Thu, 12/27/2007 - 18:27.

Today I ran into a subtle issue regarding the order in which Windows Vista queries connection-specific DNS servers. I tested a setup with a PPTP VPN server that also provides DNS name resolution services to its VPN clients. For that purpose I ran both a BIND 9 name server and a Poptop PPPD daemon on the same box. It is dual-homed, i.e. one interface is the private interface of the VPN tunnel endpoint and the other one is the public Ethernet interface through which the server is linked to the internet. I configured BIND to listen on both interfaces.

( categories: Unix | Windows | Administrator )

Ubuntu 6.01.1 "Dapper Drake" DVD Torrents

Submitted by Hannes Schmidt on Sat, 09/02/2006 - 00:57.

It took me sometime to find Ubuntu torrents that work. I noticed that the .torrent files on the official Ubuntu server and its mirrors point to dead torrents. After some digging, I found this tracker to be most up to date. In case you're stumbling over this problem too, give it a try. It seems to be the official Ubuntu tracker.

( categories: Unix | Administrator | Geek )

Installing VMware Server on Gentoo Linux (Version 3)

Submitted by Hannes Schmidt on Sun, 07/09/2006 - 21:49.

[This article is now somewhat obsolete because vmware-server have been included the official portage tree. There is no need for a separate overlay. The bug reports still apply. This is an updated version of a two previous article on the subject.]

The new VMware Server is going to replace VMware's GSX Server product. And it's more than just a new name: VMware will supposedly release it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty and others are working on one and they are doing a fine job. They also seem to be streamlining and consolidating other related VMware ebuilds. You can keep track of their progress on these Bugzilla bugs:

  • Problems regarding the vmware-module ebuild: 137422.
  • Problems regarding the vmware-player ebuild: 137423.
  • Problems regarding the vmware-server ebuild: 137424.
  • Problems regarding the vmware-server-console ebuild: 137425.
  • Problems regarding the vmware-workstation ebuild: 137426.
  • Problems regarding the vmware-workstation-tools ebuild: 137428.
  • Problems regarding the vmware overlay in general: 122500.

The VMware Server ebuilds are not part of the official stable Gentoo portage tree so if you want to install them on your system you will have to jump through a few extra hoops. Fortunately this process has become very convenient and straight-forward thanks to Gunnar Wrobel's layman.

( categories: Unix | VMware | Administrator )

Installing VMware Server on Gentoo Linux (Version 2)

Submitted by Hannes Schmidt on Wed, 03/15/2006 - 09:17.

[This is an updated version of a previous article on the subject.]

VMWare is going to replace its GSX Server product with the new VMware Server. And it's going to be more than just a new name: the best thing about it is that VMware releases it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty is working on one and he is doing a fine job. You should keep track of his progress on Gentoo Bugzilla bug #122500. For people with little Portage experience (author included) it can be a bit complicated to throw together an ebuild from bugzilla attachments.

( categories: Unix | VMware | Administrator )

Filtered: NMAP Port Scanner Sees Through IPtables Firewall

Submitted by Hannes Schmidt on Thu, 02/23/2006 - 15:02.

Ever wondered why port scanners like nmap are able to tell that some of the ports on your server are protected by a firewall? Have a peek at this nmap transcript:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-23 22:54 CET
Interesting ports on doodah.com (
(The 1658 ports scanned but not shown below are in state: closed)
21/tcp   open     ftp
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
3306/tcp filtered mysql

I'm quite sure my firewall blocks access to the mysql port. Yet it bugs me that it is possible to tell that I have MySQL installed on my system simply by performing a port scan.

( categories: Unix | Administrator )

Installing VMware Server on Gentoo Linux (Version 1)

Submitted by Hannes Schmidt on Wed, 02/22/2006 - 11:39.

[This is and outdated version of the article. Read the new version!]

VMware Server is going to replace GSX server. The best thing about it is that VMware releases it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty is working on one and he is doing a fine job. You should keep track of his progress on Gentoo Bugzilla bug #122500. For people with little Portage experience (author included) it can be a bit complicated to throw together an ebuild from bugzilla attachments.

( categories: Unix | VMware | Administrator )

True Geo-IP country geolocation for Google Urchin 5 statistics

Submitted by Hannes Schmidt on Thu, 12/15/2005 - 08:58.

If you are a user of Urchin 4 or 5 you might have noticed that Urchin’s “Countries” report does not match the standards that Urchin has set for professional website statistics.  It seems to be Urchin’s weak spot.  It might be ok for you but I was certainly disappointed when I discovered that Urchin determines (or should I rather say: attempts to determine) a visitor’s location from a database that is derived from reverse DNS lookups. This type of location reporting can hardly be considered state-of-the-art, even less so for a commercial website log file analytics application. This article is about how Urchin 5 can be fooled into using true Geo IP mappings for its Countries report.

( categories: Unix | Windows | Webmaster )

Urchin 5 and dynamic URLs with query parameters/arguments

Submitted by Hannes Schmidt on Tue, 12/06/2005 - 16:14.

Urchin is a professional web log analysis and statistics application. It was recently acquired by Google and what used to be called Urchin 6 On Demand is now being integrated into Google Analytics. I don’t know for how long the stand-alone Urchin 5 will be around but right now it is still used by many individuals and corporations. I was not happy with the way Urchin deals with dynamic URLs, i.e. URLs that have query parameters in them. After playing around with Urchin 5's advanced filters for a while, I came to the conclusion that they can be employed to improve Urchin's dynamic URL handling.

( categories: Unix | Windows | Webmaster )

Visual SourceSafe 2005 Internet and IIS Setup

Submitted by Hannes Schmidt on Mon, 12/05/2005 - 18:28.

One might think that it wouldn't be so difficult to setup Visual SourceSafe 2005 on Windows Server 2003 with IIS such that users can access the SourceSafe database using the Visual SourceSafe 2005 Internet plugin. But dude, I was so wrong! I managed to get it working in the end but it took me an etire day. Anyway, this isn't a complete HowTo. I would just like to point out a few not so obvious caveats.

( categories: Windows | Administrator | Programmer )

VMWare: Migrating Windows XP and 2000 to a Virtual Machine

Submitted by Hannes Schmidt on Sun, 10/02/2005 - 19:38.

The other day I decided that I wanted to switch my laptop's German language version of Windows XP to the English language version. I could have reinstalled Windows XP from scratch but that would have meant losing all my settings and configurations and, since I have fine-tuned my system, many hours of work would have gone down the drain. Furthermore, I wanted to maintain the German version for certain tasks. What to do?

( categories: VMware | Windows | Administrator )

Moving Software Installation Packages between Group Policies

Submitted by Hannes Schmidt on Thu, 09/08/2005 - 19:21.

Let's skip the introduction. You probably googled this article anyway, so you'll know what I'm talking about. This is the scenario: You use group policies to publish or assign software packages (usually Windows Installer MSI) to your Windows workstations. At some point it would be convenient to move a package from one group policy to another, without triggering a complete reinstallation.

( categories: Windows | Administrator )

How to disable USB sticks and limit access to USB storage devices on Windows systems

Submitted by Hannes Schmidt on Sat, 08/20/2005 - 09:50.

USB storage - a possible security risk?

Decent IT administrators secure their networks behind firewalls. They install mail filters on their SMTP servers and deploy anti-virus software on all client workstations. But securing the network is not sufficient -- what happens if the users bring their own USB memory sticks and connect them to the computers at their office? A 1 Gb USB stick can sometimes hold an entire company's vital data. Within minutes or even seconds an employee has all the files they need in order to start up their own business and take all the customers with them. Alternatively, what happens if a careless user accidentally compromises the network with an infected USB stick?

( categories: Windows | Administrator )

Fainted: Reinitializing the (Non-)Authoritative File Replication Service (FRS, NTFRS) Database on Windows 2000 Servers

Submitted by Hannes Schmidt on Thu, 03/17/2005 - 16:11.

I post this for people who have had the same experience so they do not panic like I did.

The Symptoms

Yesterday one of my Windows Domain Controllers became inaccessible. Users were not able to login to their workstations and I even couldn't log into the server using my admin credentials. The server would not recognize the admin account so I guessed Active Directory must have been down. I had to shutdown the box completely and impolitely using the reset button. After that I did the usual routine checks in order to verify that things were running smoothly. But things weren't at all ok. After the restart, the File Replication Service could not play back its JET database logs and it started an non-authoritative restore (although it didn't say that).

( categories: Windows | Administrator )

Gentoo Linux on a Dell Latitude X300

Submitted by Hannes Schmidt on Thu, 01/20/2005 - 14:42.

I'm currently struggling to get Gentoo to install from a Live CD on a new Dell Lattitude X300. It boots the kernel just fine but the init script can't mount the live CD because it doesn't find the cdrom drive. The X300 comes with a docking station which holds the CD drive which is connected internally via USB.

( categories: Unix | Administrator )

Adding drivers to RIS images without RIPrep (Windows XP and Windows 2000)

Submitted by Hannes Schmidt on Sat, 11/13/2004 - 17:30.

25.07.2006: Fixed typos (RIPrep and RISetup confusion in section Putting a driver into a RIS image).

The other day, a new machine arrived at the office. Although it was a fast and sexy Dell Optiplex SX280, I dreaded going through the setup and installation procedure; maybe because I live in a dream world. In my personal administrators’ dream world, when a new desktop computer arrives the hardest task is trying to get your signature right on that funny brown handheld computer that the UPS dude hands you after dropping the box. That’s because in my dream world I use a fleet of tools and technologies that MS refers to as IntelliMirror. In a nutshell, IntelliMirror equals RIS plus AD plus Windows Installer. I won't tell you all the gory details about these; rather, for the remainder of this article I'll assume that you have used RIS before.

( categories: Windows | Administrator )