Replicating the Ars Technica “Router rumble” with a Ubiquiti EdgeRouter Lite

A friend and colleague of mine (Matt) and I have an ongoing discussion about over-specced gear for our home networks. Our core routers have been FW-7540s running pfSense (Atom D525, 4GB RAM, 4 Intel NICs) since 2013. pfSense offers a huge advantage over commercial-grade routers – I run dual WAN with failover based on ping, link, and packet loss, have extremely customizable DNS and DHCP, and can set up an OpenVPN server in just a few minutes. Matt and I also recently have had 500Mbit+ downstream connections installed, so it’d be good to know what hardware and software combination is “for sure” capable of utilizing the full pipe.

There have been a series of excellent articles at Ars Technica this year by Jim Salter that constantly get mentioned in our discussions:

Continue reading

Office 365 and Exchange Migration Notes

This post is a collection of my recent Windows/Exchange administrative work.

Run AD Directory Sync Manually (New Version of Start-OnlineCoexistenceSync)

Source: https://blogs.technet.microsoft.com/rmilne/2014/10/01/how-to-run-manual-dirsync-azure-active-directory-sync-updates/

Instructions:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

or

Start-ADSyncSyncCycle -PolicyType Initial

How do I check total mailbox sizes for Office 365/Exchange Online mailboxes?

Source: https://community.spiceworks.com/how_to/93142-check-mailbox-size-and-usage-with-office-365-or-exchange-online-find-users-nearing-their-quota

Instructions:

# In PowerShell:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection 
Import-PSSession $Session

get-mailbox | get-mailboxstatistics | ft displayname, totalitemsize 

# When done:
Remove-PSSession $Session

Error during migration: “MigrationPermanentException: Cannot find a recipient that has mailbox GUID ” error message when you try to move a mailbox in an Exchange hybrid deployment

Source: https://support.microsoft.com/en-ca/kb/2956029

  • Ensure the local user object doesn’t have an Exchange GUID. From the local Exchange Management Shell:
    Get-RemoteMailbox <MailboxName> | Format-List ExchangeGUID
  • Get the GUID from the error message, or retrieve it from the O365/Exchange Online shell (connect as above):
    Get-Mailbox <MailboxName> | Format-List ExchangeGUID
  • Set the Exchange GUID for the user from the local Exchange Management Shell:
    Set-RemoteMailbox <MailboxName> -ExchangeGUID <ExchangeGUID>
  • Force directory sync. Using the latest Azure AD Connect commands, on the server with the directory sync tool installed:
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
  • Monitor with “Azure AD Connect Synchronization Service Manager” GUI application if needed.

 

Error during migration: MigrationPermanentException: Mailbox size 12.56 GB (13,489,367,463 bytes) exceeds target quota 2.3 GB (2,469,396,480 bytes).

Source: http://andywolf.com/migrating-exchange-mailbox-from-another-forestmailbox-exceeds-target-quota/

  • If applicable to a single user, use ADSI Edit to set the “mDBUseDefaults” property to False on the applicable user object, then try again.
  • If database or organization-wide, use the Exchange Administrative Center to remove quotas for the database.

I have a migration batch that partially failed. Now I can’t get those mailboxes to migrate.

Sources:

Scenario: A migration batch was partially successful (one or more mailboxes in the batch migrated properly). The errors for the remaining mailboxes have been corrected. I’d like to start a new migration batch containing the failed mailboxes, but the batch bombs out with an email to the Exchange Online administrator. The batch online looks like it’s still migrating, but the CSV with the results that was emailed contains the following error messages for each account:

The user "user@example.com" is already included in migration batch "My Migration Batch Name."  Please remove the user from any other batch and try again.

In this case you need to remove the user from the migration batch using the Remove-MigrationUser cmdlet while connected to an Exchange Online PowerShell session:

  • Get the details of all users in migration batches, or get the details for the specific user being migrated:
    Get-MigrationUser
    Get-MigrationUser user@example.com
  • Remove the user from the migration batch. Use the additional -Force parameter if you aren’t running interactively.
    Remove-MigrationUser user@example.com
  • Clean up any migration batches that may still be in progress with the ‘already included’ error.
  • Create a new migration batch containing the affected mailboxes.

Fix: trying to overwrite ‘/usr/share/accounts/services/google-im.service’ installing kubuntu-desktop

I have an Ubuntu 16.04 desktop installation with Unity and wanted to try KDE, so I ran sudo apt-get install kubuntu-desktop. apt failed with the following message:

trying to overwrite '/usr/share/accounts/services/google-im.service', which is also in package account-plugin-google [...]

The original issue at Ask Ubuntu has several suggestions but none of them worked – any apt commands returned the same requirement to run apt-get -f install, which in turn gave the original “trying to overwrite” error message. synaptic also wasn’t installed so I couldn’t use it (or install it, as all other apt installation commands failed.)

I was able to get the dpkg database out of its bad state and continue to install kubuntu-desktop by running the following:

dpkg -P account-plugin-google unity-scope-gdrive
apt-get -f install

(Link to original Kubuntu bug for posterity: https://bugs.launchpad.net/kubuntu-ppa/+bug/1451728)

This post was cross-posted to The Linux Experiment, where I haven’t written anything for months.

RiteBite and Invisalign, just over a year in

I’m just over a year in since starting Invisalign treatment with RiteBite Orthodontics – and here’s how things stand.

Positive Experience

I want to reiterate that I’m quite pleased with the experience I’ve had with Dr. Luis and RiteBite. Everyone at the Waterloo office has been friendly, professional and my appointments have always started on time. I feel like Invisalign was definitely a better option over braces. Even under the perpetually ticking clock of their Terminal Services-hosted dental software, everyone that’s put their hands in my mouth has done a great job.

Don’t you just love the graphics?

Continue reading

Another “Let’s Encrypt” post for nginx

I’ve replaced the certificate on this site with one issued by Let’s Encrypt and plan to do so for all clients (or enable SSL in the first place) as their domains come up for renewal, or other maintenance work is contracted. The big downside is a 90 day expiry time, which requires a service nginx reload at least that often.

I had no end of issues using the official client as it wouldn’t create the .well-known/acme-challenge files necessary to get the domain to validate (yes, I checked directory permissions.) Instead, Vincent Composieux has some excellent instructions on just using the certonly parameter inside a script.

Continue reading

Invisalign on my own dime: orthodontics in Kitchener-Waterloo

I’ve been meaning to write about my experiences with Invisalign and the orthodontic consultation and treatment process since I started investigating various options in July 2014. On advice from my dentist Dr. Reddy and her staff at King Street Dental, I received several referrals to orthodontists in the KW area, and did my own research into reputation, pricing and treatment options.

Before getting into the orthodontic part of the piece, I would definitely recommend Dr. Reddy. In my experience, she handles both routine and emergency dental work to a very high standard.

Initially, Dr. Reddy suggested that she could extract one or more teeth to correct crowding in my lower jaw, but also indicated that I should look at orthodontic treatment as an alternative.

Continue reading

Review: Roam Mobility in Las Vegas with a Nexus 5

Note: Roam Mobility is no longer in business as of June 30, 2020 (see the MobileSyrup article.)

I recently returned from a five day trip to Las Vegas, to once again play the low-limit blackjack at Hooters Casino Hotel, enjoy the complimentary drinks and see a few shows. I’ve done this before with friends, but the first major change is that this is the first year I’ve had cell coverage in the US thanks to Roam Mobility. I’d used them on a conference trip to San Francisco earlier this year and it was quite handy.

The general principle is that you pay $4/day for unlimited talk/text (including voice/SMS back to Canadian numbers), and also get a 300MB allotment of 4G/LTE data per day of the plan. Thus, if you buy three days you get 900MB to use at any time during the total plan. If you go through the allotment, it degrades to “unlimited” data at EDGE/128kbps speeds.

Continue reading

WordPress file permissions and upgrades with wpfix.py

(Post updated 2015-05-07 with the results of some helpful feedback from mbrowne. Comments, GitHub issues and pull requests are always welcome!)

I maintain a GitHub repository of small scripts that are useful (at least to me) and occasionally get comments or email about them. I received an email yesterday asking about WordPress file permissions when applied with wpfix.py, which is a simple Python wrapper around a few common filesystem operations. I’d initially written about it a few years ago as a utility to allow sites to auto-update.

Since wpfix.py was written, it appears that there have been some changes in the way that WordPress performs upgrades. I’ll excerpt the issue from the original email:

I have recently run your script on our WordPress website to fix a permission issue.

But we are getting the below error while we try to upgrade WordPress from the admin panel.

“This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php”

When I look at the permissions I could see the update-core.php file has only read permission for the webserver user “www-data”. Is your script designed to set 644 for files in this folder?

-rw-r--r-- 1 username www-data  47326 Aug  1 06:09 update-core.php

I took it upon myself to read some of the WordPress code that performs core updates, as well as some of the documentation. To answer the original question, wpfix.py does set 644 permissions on all WordPress files in the directory tree, then goes through the wp-content directory and adds group write permissions only where necessary.

The auto-update documentation at http://codex.wordpress.org/Hardening_WordPress states:

When you tell WordPress to perform an automatic update, all file operations are performed as the user that owns the files, not as the web server’s user. All files are set to 0644 and all directories are set to 0755, and writable by only the user and readable by everyone else, including the web server.

Unfortunately this doesn’t seem to match with the behavior in the code – when a direct FS_METHOD is used for manipulating files rather than through FTP or SSH, operations get performed as the web server user (www-data). Therefore, the 644 permissions on wp-admin are too restrictive to allow core upgrades.

There are a few solutions to this problem:

  • If you do not accept the risks of the webserver (www-data) user having write access to your WordPress contents, use the wp-cli (http://wp-cli.org/) core update command running as the user that owns the WordPress files. This is my preferred method and it can be scripted to batch update sites.
  • If you completely control the webserver and can be assured that nobody will upload a potentially malicious plugin or execute code that traverses the filesystem, set the permissions to 664 for all files (not directories) under the wp-admin and wp-includes directories and have the group set to www-data:
    find "$WORDPRESS_DIR/wp-admin" -type f -exec chmod 664 {} \;
    find "$WORDPRESS_DIR/wp-includes" -type f -exec chmod 664 {} \;
    chgrp -R www-data "$WORDPRESS_DIR"/wp-{admin,includes}
    • I would not recommend this in a shared hosting environment. When you upgrade, the more permissive group write flag will be preserved on these files (see the WP_Filesystem function in wp-admin/includes/file.php for details on how FS_CHMOD_DIR and FS_CHMOD_FILE are set.)
  • If you have FTP or SSH access to the server, and want to upgrade using this technique, remove the define('FS_METHOD', 'direct'); line from wp-config.php. This ensures that file delete, write and move operations are performed as the FTP/SSH user.

I will be adding parameters to wpfix.py shortly to address the last two points, and allow users to either set more permissive permissions on wp-admin/wp-includes directories or remove the FS_METHOD define.
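The mismatch described above can be checked before an upgrade is attempted. This is an added example, not part of wpfix.py or WordPress: it reads the mode bits under wp-admin and wp-includes and lists the files a given web server account cannot write (where a direct FS_METHOD core update will fail) and any that are world-writable. The function names, the stand-in uid/gid and the two-file sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check; ignores ACLs and root's override."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_core(wp_root, web_uid, web_gids, core_dirs=("wp-admin", "wp-includes")):
    """Return (blocked, world_writable), paths relative to wp_root.
    blocked: core files the web user cannot write (direct core update fails).
    world_writable: core files any local account can modify."""
    blocked, world_writable = [], []
    for core in core_dirs:
        for dirpath, _dirs, files in os.walk(os.path.join(wp_root, core)):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks and special files
                rel = os.path.relpath(path, wp_root)
                if not can_write(st, web_uid, web_gids):
                    blocked.append(rel)
                if st.st_mode & stat.S_IWOTH:
                    world_writable.append(rel)
    return sorted(blocked), sorted(world_writable)

def demo():
    """Audit a constructed two-file tree as a stand-in web server user."""
    with tempfile.TemporaryDirectory() as root:
        modes = {"wp-admin/includes/update-core.php": 0o644,
                 "wp-includes/version.php": 0o664}
        for rel, mode in modes.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write("<?php\n")
            os.chmod(path, mode)
        st = os.stat(os.path.join(root, "wp-includes/version.php"))
        # Stand-in for www-data: not the owner, but in the files' group.
        return audit_core(root, st.st_uid + 1, {st.st_gid})

if __name__ == "__main__":
    print(demo())
```

On a real host, take the uid from pwd.getpwnam("www-data") and the group list from os.getgrouplist() instead of the stand-in values used in demo().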

Fixing SYSVOL DFS replication on Server 2012

Huge thanks to Matt Hopton at “How Do I Computer?” for this informative article on fixing DFS replication issues with the SYSVOL directory. In my case, symptoms were similar – AD group policies weren’t being successfully updated at a remote site with its own read-only domain controller. This showed up in the gpresult /h output.html report, where logon scripts that had been added on the main office DC earlier in the day could not be found on the branch domain controller.

Some additional notes:

  • Look in Event Viewer under Applications and Services Logs > DFS Replication for a warning with ID 2213, which provides the wmic command needed to resume replication.
  • If the DC has been out of sync too long, there will be an Error with ID 4012; use:
    wmic.exe /namespace:\\root\microsoftdfs path DfsrMachineConfig set MaxOfflineTimeInDays=65
    and replace 65 with a number that is above the “server has been disconnected from other partners” value. Then, rerun the wmic command from the first event. Give it a few minutes and be patient and if all goes well, another event will pop into the log indicating successful initialization of the SYSVOL folder.

Restoring Windows on a Lenovo X230 with WIM/SWM files

After a bit of house tidying over the past few days, I managed to locate the power adapter for my Lenovo X230 laptop. Upon booting it up I realized that it had accumulated a number of outdated applications and crufty configurations, so I wanted to restore it to factory settings. Ordinarily I would immediately image with a stock Windows ISO, but since I’d paid for a Win7 Pro license, and wanted all the Lenovo applications restored (volume/brightness OSD, battery monitor in taskbar) I specifically wanted to restore to the OEM version and then remove the trialware.

Continue reading