Zen Hotdog

A zen master walks up to a hotdog vendor and says, “make me one with everything”.

The hotdog vendor charges him $5; the zen master gives him a $10.  The hotdog vendor gives him a hotdog with everything.

 “What about my change?” the zen master asks.

 “Change comes from within.”

—–

Q: How do they make decisions in Zen management school?

 A: they run new ideas up the flagpole, and see who climbs up after them.

Where have all the photos gone?

I’ve got the blog moved over, and many of the old blog entries redirecting properly (so if google was pointed at some article, it will redirect to the proper article here).

But I don’t have a solution for a photo gallery yet.  I was using Gallery before and it worked okay, I guess I could reintegrate it here, I feel as if I’ve done that exercise a number of times already and I’m back where I started.  I dislike the online services, though I do have some photos up at Google’s Picasa for the moment – mainly I dislike having them hosted on someone else’s site, and I especially dislike forcing users to create a login just to view my photos.

 Anyhow, if you see this message it may be because I’ve redirected all old Gallery links to here.  Mostly these were my old Burning Man photos that people had linked forever.  Maybe someday some of them will be back.

OSX Server Notes

Install
Networking
Firewall
Users
Mail Service
ssh
Files
www
php
gallery
mysql
ftp
perl
etc
domain
cvs


Install OSX

(10.3)
Install OSX 10.3 standard.
From OSX server disc 2, install the OSX server package MacOSXServerInstall.mpkg.
Once OSX server is running, you may remove Server Monitor icon from the dock, since it only works with Xserves.

It is possible to use standard OSX as a server, but the software and configuration will be different (and probably more difficult and unixey) than listed here.


Firewall

-Port 80 (web) – any
-any – (local subnet)
-Port 22 (ssh) – any
-Port 25 (smtp) – any
-Port 143 (imap) – any
-Port 311 Server Admin – any
-Port 660
-Port 687
(other ports as necessary)


Configure users

-Selecting “allow user to administer computer” adds “wheel” to their groups.

-To configure users from a command line, you may use the nicl netinfo utility:
sudo nicl .
cd users
read username


Mail Service

From Server Admin:
Mail
Settings
Local host aliases – add any that this server will be serving directly.
Authentication – SMTP Login and Plain


ssh

To access the server remotely if the server is behind a strong firewall, you can set up ssh tunnels for all the server admin ports. sudo is needed because the local ports being forwarded are all below 1024.
sudo ssh -L 548:209.242.167.76:548 -L 311:209.242.167.76:311 -L 625:209.242.167.76:625 -L 660:209.242.167.76:660 -L 687:209.242.167.76:687 root@obtainium.org

Not all of these may be necessary. You may use them individually as follows:
Port 548: Apple File Service (for afp file sharing)
sudo ssh -L 548:209.242.167.76:548 root@obtainium.org
Port 311: Server Admin SSL (for Server Admin)
(This appears to be the only port needed for Server Admin)
sudo ssh -L 311:209.242.167.76:311 root@obtainium.org
Port 625: Remote Directory Access (for Workgroup Manager)
sudo ssh -L 625:209.242.167.76:625 root@obtainium.org
Port 660: Server Admin via Server Settings
sudo ssh -L 660:209.242.167.76:660 root@obtainium.org
Port 687: Server Admin via Server Admin App
sudo ssh -L 687:209.242.167.76:687 root@obtainium.org


www

-Turn off “web performance cache” for ALL web pages (otherwise they all end up with “:16080”)
-(030304) I put the access_log and error_log for each webpage in its root directory.
-analog. Don’t use the precompiled version of Analog.


php

PHP is installed on OSXS but isn’t activated.
From Server Admin/Web/Modules, activate php4_module.
You may also wish to activate perl_module if you’ll be running perl cgis.

configure.sh
You can then chmod the file as you see fit so no one else can run it… Then, when you want to reconfigure & recompile PHP, just delete config.cache & run
sh configure.sh
Now back to figure out all the options I had compiled into PHP.. doh!


mysql

MySQL is installed in the server by default. You must complete the install and run it.

Run Applications/Server/MySQL Manager.
-unlock
-install
-start
-set the root password:
/usr/local/mysql/bin/mysqladmin -u root password newpassword
mysql -u root -p

User data is stored in /private/var/mysql – each database has its own directory. You may move these directories to the user folder but you must leave a symlink so mysql can find them; and they must remain owned by mysql.
There are other useful instructions for mysql at http://www.entropy.ch/software/macosx/mysql/


To install phpmyadmin, get the latest version and edit config.inc.php.

I set phpmyadmin for http auth, which pops up a window to allow access. You may use config auth instead, but it stores the MySQL login in config.inc.php, so anyone who reaches the page is already logged in with access to the database. If you have other users on the server that you want to let in with phpmyadmin, you’ll need to set their db permissions properly.

Create the “control” user and allow them read access to the mysql tables:


GRANT USAGE ON mysql.* TO 'user'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO 'user'@'localhost';
GRANT SELECT ON mysql.db TO 'user'@'localhost';
GRANT SELECT ON mysql.host TO 'user'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
ON mysql.tables_priv TO 'user'@'localhost';

gallery

Before installing Gallery for the first time on the server:

I used netpbm for image manipulation (because it was easier than ImageMagick I guess, or it was free). If needed it can be downloaded from the specified page.
Once you’ve found netpbm, installation is non-obvious. Run ./configure and hit return to all the questions.
In order to make (compile) netpbm, you must have installed the Xcode tools!

/usr/local/netpbm/ justfred$ sudo cp ppmtojpeg pnmtojpeg

Adding Gallery to a website

-Download the latest Gallery from the website.
-I keep a copy in /Volumes/data/_software
-untar gallery to your website dir
tar -xvf /Volumes/data/_software/gallery-1.4.4-pl4.tar
(version number may be different)
-If you don’t already have albums, create them:
mkdir albums
chmod 0777 albums
albums must be in the website dir.
-Prep Gallery for config:
cd gallery
touch config.php .htaccess
chmod 0777 config.php .htaccess
Add Gallery to /private/etc/httpd/httpd.conf to allow Gallery to edit its own files. This is at the end of the file, not in sections by website, but the reference must be website-specific:
#Directives added by Fred
#041110 FH
#Allow Obtainium Gallery to edit its own files
#(the Directory path below is a placeholder for the site's gallery directory)
<Directory "(website dir)/gallery">
AllowOverride Options FileInfo
</Directory>

This will require restarting apache:
sudo apachectl restart
-Run Gallery Configuration Wizard:
http://website/gallery/setup/index.php
Gallery Configuration Wizard Doc
Gallery Title
Admin PW (should be set to something simple, like a single character, the first time, otherwise Gallery chokes on first login.)
Temporary Directory /tmp
Email
Slideshow (ordered)
Slideshow length 0
Slideshow loop NO
Maximum length of comments 1000
When done, it will prompt you to run ./secure.sh
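
A check to run once ./secure.sh has been run, added here as an example (it is not part of Gallery or of the original notes): it reports whether the files opened to 0777 for the wizard are still world-writable, and lists anything else under the site that is. The function names and the sample tree are assumptions made for the example, and the demo's chmod 0644 only stands in for the lock-down step.

```shell
#!/bin/sh
# Added example, not part of Gallery: audit a site after the setup wizard.
# gallery_audit and make_sample_site are hypothetical helper names.

# Build a constructed sample site in the state the wizard steps leave it in.
make_sample_site() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/gallery" "$d/albums"
    touch "$d/gallery/config.php" "$d/gallery/.htaccess" "$d/index.php"
    chmod 0777 "$d/albums" "$d/gallery/config.php" "$d/gallery/.htaccess"
    chmod 0644 "$d/index.php"
    echo "$d"
}

# Print one line per finding. Returns 0 only when config.php and .htaccess
# exist and are no longer world-writable.
gallery_audit() {
    site_dir=$1    # website dir that holds gallery/ and albums/
    status=0
    for f in "$site_dir/gallery/config.php" "$site_dir/gallery/.htaccess"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"; status=1
        elif [ -n "$(find "$f" -prune -perm -0002)" ]; then
            echo "WRITABLE $f"; status=1
        else
            echo "OK       $f"
        fi
    done
    # Other world-writable files or directories, skipping albums/ (the
    # steps above leave it at 0777) and the two files already reported.
    find "$site_dir" -path "$site_dir/albums" -prune -o \
        \( -type f -o -type d \) -perm -0002 -print |
        sed -e '\#/gallery/config\.php$#d' -e '\#/gallery/\.htaccess$#d' \
            -e 's/^/EXTRA    /'
    return $status
}

# Demo on the constructed tree. The chmod 0644 is a stand-in for locking the
# files down; on a real install run Gallery's own ./secure.sh instead.
demo=$(make_sample_site)
gallery_audit "$demo" || echo "-> still open: run ./secure.sh"
chmod 0644 "$demo/gallery/config.php" "$demo/gallery/.htaccess"
gallery_audit "$demo" && echo "-> config.php and .htaccess locked down"
rm -rf "$demo"
```

Any EXTRA line is a file or directory other than albums that any local user, including another hosted user's scripts, can modify.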


ftp

The FTP server should be set to allow users to see only their home directories.
-Server Admin
-FTP
-Settings

Optimally, only SFTP should be allowed, so you can kill ports 21 and 22 on the firewall, but some users may not be able to do sftp.


perl

OSX developer tools MUST be installed to add modules to perl.


etc

To create a permanent alias ll ls -l, edit the .tcshrc file in the user’s home directory, or add it to /etc/profile

To reboot the server:
$ sudo shutdown -r now


Domain Name Registration and DNS

Domain Name Registration:
-I tend to use Godaddy for registrar.
-On registrar, point the domain name at the dns hosts.

DNS:
-I tend to use zoneedit.com for dns hosting.
-On dns host (zoneedit.com, for example), point the domain name at the server’s IP address. Point the mx at mail.domainname.tld.
-Some registrars (register.com) do both registration and dns hosting, but are more expensive.


Analog

From command line:
-create a directory (website)/_statistics (it should be owned by justfred since that’s who I run analog as – not sure how webserver has permission but it may run as root?)
-cd into it.
ln -s /Volumes/data/_websites/analog/images/ images

In /Volumes/data/_websites/analog,
-copy analog_obtainium.cfg to analog_(website).cfg
-Edit analog_(website).cfg
HOSTNAME "obtainium/obtainium.org"
HOSTURL http://www.obtainium.org/
LOGFILE /Volumes/data/obtainium/www.obtainium.org/_statistics/access_log
OUTFILE /Volumes/data/obtainium/www.obtainium.org/_statistics/analog_report.html

-In Server Admin/Web/Settings/Sites,
-Edit the site Logging
-Location: (website)/_settings/access_log (default is /var/log/httpd/)
-Format: combined
-Error log location: (website)/_settings/error_log
-Change www.domainname.tld and domainname.tld

-in analog.sh:
-copy an existing line and change it for website.
-test it by copying and pasting to command line.
Recent site about analog: http://www.afp548.com/articles/web/analog.html


Adding a User/Website/Database

-Create a directory for the user on /Volumes/data
-You may have to chmod 755 to allow access. Actually mainly the user “web” needs read and execute (to see directories) access.
-Create the user (Workgroup Manager)
-If you’re copying from another server, match the user id.
-Add all possible/unique aliases for that user.
-aliases are server-specific not domain-specific so sales@ would be at all hosted domains.
-Leave “allow log in” to allow FTP if necessary.
-Home: /Volumes/data (in most cases).
-DO NOT “create home now” – that creates OSX folders.
-Set a Disk Quota, if you want.
-Mail: create mail account if necessary.
-save
-Change owner for the directory to the user.
-Create a subdirectory for each website

-Create the database
%mysql -u root -p
mysql> create database dbname;
-change the db owner to username
mysql> grant all privileges on dbname.* to 'username'@'localhost' identified by 'userpass';
mysql> flush privileges;
-move the db to the user’s directory
% mv /var/mysql/dbname /Volumes/data/username/dbname
% ln -s /Volumes/data/username/dbname /var/mysql/dbname

-Create the website (Server Admin)
-General: domain name
-General: web folder /Volumes/data/username/www.website.com (or user subdir)
-Default: check with the user that they have index.html or index.php. Sometimes they might have index.htm. Anything .asp will of course not work.
-Logging: /Volumes/data/username/www.website.com/_statistics
-Duplicate www.website.com to website.com (don’t know a better way to do this).

-User may now log in with FTP.
-User may now log in with SSH.
-User may now point DNS at server.
-You can test website before the DNS switches, by setting it in hosts on your local machine

Changing IP address of the server

For each domain name:
-go to DNS host (some may be through registrar)
-Change IP address
-Apply or activate. Should take up to 15 minutes to propagate; longer with some “sticky” DNSs.

From System Preferences/Network:
-Change IP address as usual.


cvs

Configuring CVS on the server

I chose to create a separate CVS repository for each user. Obtainium is at
/Volumes/data/obtainium/cvsroot

I created the repository with:
cvs -d /Volumes/data/obtainium/cvsroot init

Welcome Back

You may have noticed a style change here, and a lack of the playa background; both are accidental side-effects of moving my site from home-grown PHP to Joomla.

Joomla is “Content Management” software that we’re using at work, and it’s a pretty easy way to put up and manage content.

I even managed to load all my old blog entries, though old links may not work till I hack htaccess, and I seem to have lost some URL references; it would not surprise me to find other errors as well.  If I can, the next step will be to try to create some of the old look and feel – yes,  like my playa background – and get a photo gallery running.

It’s now possible for you as a reader to log in, even to register for an account, and someone already has, but I haven’t put up anything different for logged-in users yet.

This or That


right turn on red
designated hitter rule
the road less travelled by


alligator or crocodile
Apache or IIS
analog or digital
apples or oranges
automatic or stick
AM or FM
bath or shower
beef or chicken
beer or wine
before or after
black or white
blue or grey
burn out or fade away
buy or lease
butter or mayo
Cavalier or Roundhead
creation or selection
close-hauled or running free
coffee or tea
Coke or Pepsi
day or night
DCE or DTE
(wanted) dead or alive
death or bunda
death or dishonor
Democrat or Republican
die on your feet or live on your knees
do it or donut
do or die
dom or sub
duct tape or duck tape
English or metric
feast or famine
fish or cut bait
flora or fauna
flotsam or jetsam
fold or crumple
football or soccer
Free as in speech or Free as in beer
free bottle in front o’me or pre-frontal lobotomy
full time or part time
fur us or again us
gas or electric
give up or die trying
grazer or browser
heaven or hell
hit or stay
hot or cold
hot or not
infix or RPN
leather or lace
little-endian or big-endian
live free or die
local or long distance
lunchmeat or unsolicited commercial email
magnetic or true
male or female
manic or depressive
mom or dad
motivate or procrastinate
my way or the highway
objective or subjective
obsessive or compulsive
on or off
online or brick and mortar
paper or plastic
pass or fail
petrol or diesel
pitch or catch
planned or accident
prefix or postfix
pro-life or pro-choice
rant or rave
rare or well done
RC or CofE ?
red or white
regular or unleaded
rent or buy
right handed or left handed
right or wrong
rule in hell or serve in heaven
sail or power
setter or pointer
shirts or skins
shoot me now, or wait till you get home
shit or get off the pot
sink or swim
spit or swallow
stalactite or stalagmite
starboard or port
stripes or solids
sugar cone, or waffle cone
sweet or savory
tastes great or less filling
talk or listen
to suffer the slings and arrows of outrageous fortune, or to take arms against a sea of troubles, and by opposing end them
toe the line or stand up for what you believe in
top or bottom
tortoise or hare
transmit or receive
up or down
union or confederacy
vote or abstain
weak anthropic or strong anthropic
white meat or dark meat
win or lose
yea or nay
you eat the bear or the bear eats you
zip or button


beg, borrow, or steal
breast, wing, thigh or leg
burn, rape, pillage or plunder
coffee, tea or me
day, swing, or graveyard
fries, rice pilaf or baked potato
knife, fork, or spoon
IE, Firefox, or Safari
local, state or federal
Negroid, Caucasoid or Mongoloid
North, South, East or West
progressive, regressive or flat
shit, piss, or go blind
Windows, Mac, or Linux

Moving to Joomla

Loading data from blog:

insert into jos_content
 (id, title, alias, introtext, state, sectionid, mask, catid, created, created_by)
select
 0 as id,
 subject as title,
 concat('blog_', id) as alias,
 content as introtext,
 1 as state,
 0 as sectionid,
 0 as mask,
 0 as catid,
 date_entered as created,
 62 as created_by
from blog;

mysql search and replace

UPDATE `mos2_content` SET introtext = replace(introtext,"<p>","") WHERE `title` REGEXP '-0';

 Loading default modules:

“They are in the directories and not listed on the module manager as you need to create the modules yourself using the code. Click New on the toolbar and you are presented with a series of radio buttons which relate to each of the available modules on the system”

 

Google Analytics – janalytics?

 

How To Remove all pre installed content from Joomla

I found this info http://forum.joomla.org/viewtopic.php?f=467&p=1316879

Delete all the articles.

Empty the article Trash.

Delete all the Categories.

Delete all the Sections.

Delete all menu modules except Main Menu.

Delete all links but HOME from the Main Menu.

You now have a sterile site.

 

Moving boxes

Advice for moving, having helped someone else last 2 weekends: Go to Uhaul (or the used box place) and buy some boxes. Same-sized boxes (or at least, only 2 or 3 sizes) – not Heinz 57 variety of old boxes that don’t match and smell like cat pee. Fill the boxes (preferably with similar contents that can be labelled, for your own sanity). Get some standard labels and put them in the same place on each box (top left corner, whatever). Be sure every box is closed and taped and labelled BEFORE you ask a dear friend to pick it up and move it. I can move 5 of these boxes on a hand truck with the same effort as a single, beaten and torn up old hand-me-down-box with the lid open overflowing with crap. And I don’t have to look at your mess as I move it. A small investment in boxes + closed, taped and labelled == happy friends that might be willing to help you move next time.

Shut up

Browsers should treat sound on websites like they do popups, and assume they’re only slightly less offensive than viruses. For websites that play sound, display a warning, “This website wants to play a sound.” followed by my favorite set of options, yes/no/always/never. There would then be an option setting to ask or never ask, and a list of sites for which sounds are allowed (Pandora can go ahead and play).

McCain – time to lay off the mud slinging

John,

You’ve lost the presidential race. Not you alone, so much as George Bush and the exploding economy. The astonishingly horrible woman you chose as a running mate did not change anything for the better, nor did your insistence on tax cuts for the rich and shameless.

Barack Obama is going to be our next president. It’s all over but the hanging-chad-counting. (That is, assuming your friends at Diebold haven’t set up yet another November Surprise – that would be even less believable than last time.) Come January we’ll be swearing in “that one”. It’s time for you to take the high road and stop smearing our next president.

The skeletons in your closet are a lot bigger than Barack’s, John. Ayers? How about the Keating 5 and G. Gordon Liddy? Why do you think the Democrats haven’t brought these up more often? Maybe it’s because they’re trying to lead a civil, positive campaign, while constantly defending themselves from your incessant, petty negative attacks.

The best thing you could do right now is frame your campaign as positive goals for the country. Remind Barack of the other 40-some percent of the people he’ll be presiding over. Remind the country that even though you’re not going to make it, the rest of your supporters: the gun-nuts; the anti-abortion nuts; the anti-gay-marriage nuts; the oil barons and the trust-funders who think taxes are for the plebeians; the self-righteous, hate-filled, intolerant jesus freaks; and everyone else who has a PAC supporting your campaign, will need some lovin’ after the election. Just because they’re wrong, doesn’t mean we should ship them all off to Alaska or something – though if they want to go on their own, it appears they’d be welcome, at least in the big cities. But contrary to W’s example, the people whose party did not win the election deserve representation as well.

Come November 5, your political career will be over. Why not end it on a positive note? Reach across the aisle one last time and give Barack a hand up, instead of taking a vindictive last swing at him. If you can do this, I promise – we’ll all vote for you for “Miss Congeniality”.

Sincerely,

A Patriotic American.