IT Support Notes, Tech Culture, Anything Geeky

September 08 2011 How to determine storage utilization of a table in MSSQL

A handy little command to find out how many rows are within a table and how much space is being used by a single table in a MSSQL DB.

sp_spaceused 'Tablename'


September 08 2011 Escaping special characters in PHP for MSSQL

PHP has a built-in function called mysql_real_escape_string() for use in MySQL queries but MSSQL has been left in the lurch for this one. I found this handy function on the StackOverflow forums that works like a charm (renamed for more uniform convention).

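function mssql_escape_string($data) {
    // Numeric values, including 0 and '0', pass through unchanged. This test
    // runs before empty(), which treats 0 and '0' as empty.
    if ( is_numeric($data) ) return $data;
    if ( !isset($data) or empty($data) ) return '';

    // Control characters, raw and URL-encoded, that are stripped from the value.
    $non_displayables = array(
        '/%0[0-8bcef]/',            // url encoded 00-08, 11, 12, 14, 15
        '/%1[0-9a-f]/',             // url encoded 16-31
        '/[\x00-\x08]/',            // 00-08
        '/\x0b/',                   // 11
        '/\x0c/',                   // 12
        '/[\x0e-\x1f]/'             // 14-31
    );
    foreach ( $non_displayables as $regex )
        $data = preg_replace( $regex, '', $data );
    // Double every single quote. The result is only safe when it is placed
    // inside a single-quoted string literal in the query.
    $data = str_replace("'", "''", $data );
    return $data;
}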
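
Quote-doubling like the function above only protects a value that ends up inside a single-quoted string literal, and it alters data that merely looks URL-encoded. The following is an added example (not from the original post or the StackOverflow answer) of the alternative, bound parameters through PDO. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in so it runs offline; the customers table, both helper functions and the DSN in the comment are hypothetical, and against SQL Server only the DSN changes.

```php
<?php
// Added example: bound parameters instead of hand-rolled escaping.
// Assumption: in-memory SQLite stands in for SQL Server so this runs offline.
// With the pdo_sqlsrv driver only the DSN differs, for example
// 'sqlsrv:Server=db.example.test;Database=crm' (hypothetical host and database).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Hypothetical helper: the SQL text is fixed, the values travel separately.
function add_customer(PDO $pdo, string $name, string $note): int
{
    $stmt = $pdo->prepare('INSERT INTO customers (name, note) VALUES (:name, :note)');
    $stmt->execute([':name' => $name, ':note' => $note]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: exact-match lookup, again with a bound value.
function find_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, note FROM customers WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input, not taken from the original post.
$samples = [
    ["O'Brien",      'apostrophe in a surname'],
    ["x' OR '1'='1", 'text that would end a quoted literal if concatenated'],
    ['50%0ff',       'the escaping function above would strip %0f from this'],
];

foreach ($samples as [$name, $note]) {
    add_customer($pdo, $name, $note);
}

// Each lookup matches only its own row, and the stored value is
// byte-for-byte what was passed in.
foreach ($samples as [$name]) {
    $rows = find_by_name($pdo, $name);
    printf(
        "%-14s -> %d row(s), stored unchanged: %s\n",
        $name,
        count($rows),
        ($rows[0]['name'] === $name) ? 'yes' : 'no'
    );
}
```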

April 02 2011 Distributing a modified build of Firefox

I’ve been working on a side-project that is based on a customized distribution of the Mozilla Firefox browser. A quick summary is that I want to create a version that has most of the security options locked-down for obvious reasons and some other configuration options locked for commercial reasons. In researching this, I’ve learned that the licensing terms surrounding distribution rights for Mozilla Firefox are much more confusing than one would assume for open-source software. Granted, this is the first time I’ve attempted to find a way to modify and distribute a customized/modified version of open-source software for monetary gain.

Naturally, I started with the Mozilla.org website and found my way to their licensing policies page. Their licensing information was pretty straightforward in explaining what I needed to know about distributing a custom build of the browser (meaning that I would download their source code, make a few changes, compile it, then distribute the resulting binary):

This means that, while you have considerable freedom to redistribute and modify our software, there are tight restrictions on your ability to use the Mozilla names and logos in ways which fall in the domain of trademark law, even when built into binaries that we provide.

OK, cool. So I can modify and distribute the software with almost no restrictions on what I can modify and what I can do with it, BUT, I need to make sure I’m complying with their trademark restrictions…which brought me to the Mozilla Trademark Policy page where I read:

If you’re taking full advantage of the open-source nature of Mozilla’s products and making significant functional changes, you may not redistribute the fruits of your labor under any Mozilla trademark, without Mozilla’s prior written consent. For example, if the product you’ve modified is Firefox, you may not use Mozilla or Firefox, in whole or in part, in its name. Also, it would be inappropriate for you to say “based on Mozilla Firefox”. Instead, in the interest of complete accuracy, you could describe your executables as “based on Mozilla technology”, or “incorporating Mozilla source code.”

Fine, that makes sense. I wouldn’t say I’m making “significant functional changes” but that’s somewhat subjective so I’ll err on the side of caution and assume I need to comply with this provision.

So in short, I’ll need to do the following to legally be allowed to distribute my product:

  1. Rename the ‘firefox.exe’ binary so it’s not misleading to the user
  2. Call the browser something other than “Mozilla Firefox” in all user-facing aspects
  3. Make reference to the copyright holder as “based on Mozilla technology”

Perfect, I can do that. More to come on this project…so to speak :)


September 14 2010 Cool things I learned at DEMO Fall 2010

I’m in Santa Clara this week, attending the DEMO “Launchpad for Emerging Technologies” event. I attended the DEMO Pavilion this afternoon to check out all the companies launching here. There were a few cool ones but mostly redundant services/sites that already exist within existing networks or services. Being entrepreneurs, I’m sure they whole-heartedly believe their startup is the most badass thing to hit the marketplace…and rightfully so. If they didn’t, they’re wasting everyone’s time. The only one that really struck me as something I would actually use myself, with any depth, was an iTunes addon called TuneUp. It fixes ID3 tags, shows upcoming concert info, allows purchases of music through services other than iTunes itself, etc… It was really cool and definitely my favorite of everything I’ve seen so-far. The girl working the booth was pretty cute too…that never hurts the pitch either. I’ll download it and give it a shot…my opening remark to her was that I don’t use iTunes because I hate the interface and the way it organizes music. By the end of her 2 minute pitch, I was convinced iTunes is usable again if I use it with their add-on. Apple acquisition target? Maybe…

Some things I learned from walking around and listening to pitches and launches today:

  • Don’t use the phrase “without further ado” to introduce your product or co-worker during a pitch because everyone else is already using it. Everyone.
  • For any on-screen product demos, use a Mac if at all possible. The interface is cleaner, less cluttered and just looks smoother overall. I was at one booth and his PC’s IE window had frozen. He tried to open a second IE window and the machine BSOD’d on him. Good thing it was just me and he wasn’t on-stage…. Also- If it’s a web-based product, turn off auto-complete on the browser unless it’s needed. It will create a distraction from what you actually want to show when all of your test field-data shows up during the demo.
  • DO have friends/family critique your pitch. If you can’t explain to them what you do and how you’re going to make money at it, there’s no way you’re going to relay the thought to a room of 500+ potential customers/investors/users or the random stranger that walks up to your booth. I’m guilty of this myself because I already know in-depth what my own products do (because I conceived the idea and built the product) but what I frequently fail to realize is that I need to tell other people how it works and really make them understand why they need it. I walked out of the launch session this morning still wondering what some of the startups there do. I went and spoke with a few of them and am still at a loss on a couple of them. Good luck with that.
  • Stay away from phrases like “we plan to” and “we’ll soon be” – they’re too open-ended. Be definitive and decisive about what your product does. If you’re already working on major changes to the product, you launched it too prematurely. That’s not to say that you can’t have improvements in the pipeline, but if you’re already having to justify not having major features at launch, you shouldn’t be launching yet. A false start can be deadly.
  • Have pricing and/or the revenue model nailed down. There’s no reason to be wishy-washy on pricing at launch. Don’t undervalue it…find the sweet-spot for the target market and stick with it. Indecisiveness in a business model shows you’re unsure if it’s going to work or not. Even if you’re not sure, don’t let it show.
  • Remember my favorite phrase regarding version 1.0 launches: “If you don’t hate version 1.0 at launch, then you waited too long to launch it”. Avoid feature creep and just get the product working and out to market.
  • I’m no fan of booth babes but having an attractive woman working a booth doesn’t hurt one bit. She MUST have complete knowledge of the product, what it does, what it doesn’t do, and how it’s going to make money. I’ve attended conventions and conferences in the past where the booth-babes were EVERYWHERE. I’m a big fan of “the ladies”, but at most of the shows where this took place, I would avoid those booths just because I thought it was a trashy sales tactic that those companies chose to employ. Specifically, Hula Networks was notorious for doing this at trade-shows; it’s total crap and I still refuse to buy gear from them because of it. If/when I get to launch a product at a show like this, I’m not saying I won’t bring an attractive employee/friend/co-worker with me to help work the booth, but she MUST know what we’re doing there. As an attendee, it’s annoying to be hearing the pitch from one person (i.e. the ‘babe’) and then have to be handed off to someone else at the booth when I ask my first question about their product. It’s a strange pet-peeve of mine. If you’re working the booth at a show, you should know ALL of the intimate details of the product you’re pitching. Note: the TuneUp girl was very knowledgeable of their product…could have been one of the founders for all I know. In fact, that’s probably the easiest way to sum-up what people working the booth should be like: they should have the knowledge of and passion for the product that the original founders or creators have.
  • If giving out show-schwag, be sure it’s something people will actually use. Boingo gave me a bulky luggage tag with blinky-LEDs on it. Seriously? A luggage tag? I doubt this will leave the hotel with me when I check-out (Merry Christmas, housekeeping). On the other hand, Parallels gave me a boxed copy of their software. What’s cool about it is I feel like I got something tangible from the show that’s cool to use. Granted, they could have just as easily (and more cheaply) given me a pre-printed postcard with a code to download their software for free, but, having the box that I can hold in my hand makes it REALLY feel like I got something valuable from them. Giving out tangible schwag may be nearly impossible for some products or services but it’s way more memorable and less likely to get lost in my desk when I get back to the office.
  • Having shitty wifi at a conference is something to be expected. Don’t rely on the venue to provide decent wireless. And don’t, by any means, expect a decent 3G or even Edge connection on AT&T’s network anywhere in the bay area. AT&T sucks, go with Verizon or even Sprint. If you’re doing a product launch and access is critical, bring both. Having reliable connectivity options is well worth the cost of the extra service and gear. If you can’t demo your product, the whole thing was a waste anyway.
  • There’s no such thing as dressing too informal during a pitch. One guy had a horrible fashion day (even I was able to tell how tacky his pants were), but his product was good. The pants became a joke that pretty much everyone in the room could laugh at/with him about and they moved on to the product itself.
  • Most people are probably afraid to say it but I don’t really care what other people think, so here goes: If you speak with a thick accent, it WILL hurt your pitch. Seriously, it will. Why is that, you ask? If I have to work at being able to understand what you’re saying, it takes away from my ability to concentrate on how I’m going to use your product or why I would buy it. Maybe this is only true for chubby white-guys like myself but I feel like it’s important to mention. I noticed people tuning-out when it became difficult to understand what the person on-stage was saying.
  • Don’t sound like an infomercial. One of the pitches was for a pretty cool portable image/document scanner. It was pitched by two people who sounded PAINFULLY scripted. Maybe it’s just me that gets annoyed by this but it was so obnoxious that I found myself tuning-out since it felt like I was watching a late-night infomercial…and it wasn’t even an entertaining one like Sham-Wow.

July 31 2010 Lessons learned from being a Systems Administrator for an ISP

As one of my first forays into entrepreneurship, I co-founded an Internet Service Provider with a friend of mine. I still own the ISP and somewhat run it (it’s no longer my “day” job but I still get to tinker with the infrastructure…I have a couple of really good employees that run the daily operations). Looking back, there are a lot of things that, if done differently, would have saved me many hours of headaches and lost sleep. I’ve attempted to compile a list of some of those items, both for my own future reference and hopefully to help anyone else that may be setting out to build or maintain a consumer oriented publicly-facing service provider network.

  1. Lock down outbound port 25 (SMTP) connections to only allow access to your own servers. If any of your access customers are using outside e-mail services, have them contact the admin for that mail provider or service; they likely offer an alternative port (such as 587 or 2525, or just enabling SSL for the SMTP connection). Locking down SMTP connections will help minimize the risk of spam from being sent from your network.
  2. Limit the number of emails that can be sent in a single day on a per-account basis. I used to leave this as ‘unlimited’ since I had a level of trust with my users that they wouldn’t be sending spam (I ran a very local ISP so I had met most of my customers face-to-face…which helps with trust). The problem I always ran into was that if someone’s computer got infected with a virus, it would send out a TON of spam or virus emails to propagate itself. If you set a limit relatively low (<250/day), it will be fine for most residential users. We’ve always had a policy of increasing the limit to a much higher number if asked, but this helps eliminate problems due to our less savvy users getting their PCs infected. Note: our mail server software (Merak/Icewarp) allows for this setting to be controlled per-user; some software may only allow for system-wide settings. In that case, you may have to start at a higher threshold if you have any business customers that use your mail server for commercial (but legitimate/non-spam) uses. I set our threshold incredibly low (100 messages per day) and only had to increase it for about 25 users (out of 3500).
  3. If you use BIND for your public DNS, DO turn off caching for all public IPs (that is: only answer queries for zones you’re authoritative for to “anonymous” requests but you can still answer recursive requests for “your” IP blocks).
  4. Enable SMTP authentication and allow an alternate port for access (due to what I mentioned in item #1 of this list). While you may primarily control SMTP relaying by allowing a certain range of IPs to send anonymously, you’ll inevitably have some users with a need to send emails while off-network.
  5. For your mail server: properly configure Reverse-DNS so that it matches the SMTP banner on your MTA and make sure there’s a matching Forward-DNS record for the public hostname/IP combination.
  6. Setup proper SPF records in your DNS. It only takes a few minutes and will greatly increase deliverability of your outbound mail.
  7. If you put your SMTP server behind a NAT’ed firewall, make sure that all outbound connections originate from the same public IP as inbound connections to it are on. In other words: don’t port-forward the SMTP port on a secondary IP of your firewall but allow the outbound connections on your mail server to just go out through the ‘default’ IP of your firewall. This will cause you a lot of grief when sending email to other organizations. It will also break your SPF configuration. Hint: search for 1-to-1 NAT in your router/firewall documentation.
  8. If you plan to host any SSL sites, place your DNS service on separate machines (i.e. don’t combine DNS and WWW services on the same box). I made the mistake of doing this and have had to do a bunch of firewall tricks to be PCI Compliant. In hindsight, putting DNS and WWW services on separate servers would have saved many hours of fiddling with settings on BIND and my firewall.
  9. When you setup a backup scheme for your databases (probably MySQL), set them up in a fashion so each database is stored in a separate dump file. Sifting through a >1GB mysqldump file to copy+paste the section that contains the tiny little database that your customer accidentally f’d up is no fun. Notepad doesn’t like it either.
  10. If your webmail interface uses SSL, spend the extra money and get a SSL certificate that matches the domain so your users aren’t prompted with a SSL certificate warning. Recent versions of IE and Firefox show the equivalent of a “doomsday warning” and will scare your users from using your webmail. I’ve had users call me to let me know that our server got hacked because they were so freaked out by the warnings. Thanks IE…..
  11. If your end-users are dial-up users, try like hell to implement per-message size limits that are less than 1MB…or steer your users to webmail if possible. I’ve been on more phone calls than I can remember, just trying to explain to ol’ Mrs Jones why she can’t download the 75MB high-resolution pictures of her grandchildren via POP3 on her 33.6k dial-up connection. Some people will understand that it’s just not possible to download these attachments over dialup….other people will blame you for disconnecting them from “the server” (Outlook and most other mail clients will time-out after 60 seconds of not receiving a complete message and show a generic “the server has disconnected” message). If you can steer them to webmail, it’s usually easier to view/download the messages since attachments can be downloaded 1 at a time…whereas POP3 has to get the entire message and ALL of the attachments as one single file.
  12. Stay away from mail servers that use the MBOX file format (or other single-file per-user data schemes). It may not be the case with all mail servers but I always ran into issues where the file would stay locked if a users session timed-out while opening/downloading a message….I always ended up having to kill the POP/IMAP process to unlock the MBOX file.

My ISP was/is primarily a Linux shop. I used the following when building the infrastructure:

  • OS: Debian Linux – http://debian.org
  • RADIUS (Authentication): FreeRADIUS – http://freeradius.org
  • DNS: BIND – http://www.isc.org/software/bind
  • Firewall: PFSense when NAT is used, IPTables when firewalling a Linux host
  • SSH/VNC/Remote Desktop client: VisionApp Remote Desktop – This software is awesome; you can flip between SSH, RDP, VNC and Telnet sessions using tabs…just like switching between web-pages using tabs in Firefox.
  • For servers that are low utilization (e.g. our Windows web server….I hated to set one up but some people swear by Frontpage): VMWare Server – http://www.vmware.com/products/server/
  • Linux/LAMP Server: We compiled MySQL+Apache+PHP from source but it was a total pain. Since the ISP I’ve grown to love DirectAdmin (http://directadmin.com). You can still compile custom options into PHP if necessary but it gives your end-users/customers their own WebUI to manage aspects of their site themselves.
  • FTP Server: if you decide to roll your own LAMP server (vs using something like DirectAdmin), I’d suggest VSFTP. It’s got everything you need for security built-in and it just works…probably the most maintenance-free service I manage.
  • Web Server: Hands-down, Apache. Again, I would suggest just using DirectAdmin. It’s pretty easy to compile from source though (if you don’t need/want a control panel and are comfortable editing config files to manage sites).
  • E-mail: Merak Mail Server, now known as IceWarp. I’d have to say I’m not a fan of this software anymore. It worked well for what we needed: it was stable, easy to administer, offers a good API for integration with our CRM and has decent webmail. My problem with it is/was that the spam filtering is somewhat of a black-box. I was never able to get decent support from the publisher of the software which meant that I had to find my own workarounds for dealing with spam that was “black holed” by the spam filters, even when the sender was whitelisted or the recipient had filtering turned completely off. In hindsight, I would recommend AtMail (http://atmail.com) – I’ve used it for other projects and it’s awesome (and Linux based!).
  • Remote Support: GotoAssist Express – there’s a monthly fee, but it’s well worth it when you have to do remote support. I’ve also used R-Hub’s Turbomeeting appliance which is equally as awesome and a one-time purchase instead of a subscription.
  • Webmail: Over the years, we went through Squirrelmail, DWMail, Roundcube, NeoMail, and eventually ended up just using the Icewarp interface since it was bundled with Merak and integrated the spam filters into each users’ webmail account. Of all of these, I would prefer/recommend Roundcube because it provides drag-and-drop and a fast-ish AJAX interface. Or AtMail :)

July 08 2010 How to disable Office Genuine Notifications

OGAAddin.dll (and OGAVerify.exe) are among the files installed by OGA Notifications. OGAAddin.dll allows OGA Notifications to install as an add-in to the applications in the Office productivity suite, where it displays the "not genuine" reminder message on illegitimate and illegal copies of Office. By changing the OGAAddin load behavior and preventing OGAAddin.dll from loading, the Office Genuine Advantage Notifications message can be suppressed.

  1. Run Registry Editor (RegEdit.exe).
  2. Press Ctrl-F to open search box, and search for OGAAddin.connect registry key.
  3. In the right pane, right click on Load Behavior and select Modify.
  4. Change the value data from 3 to 0.
  5. Repeat for each and every OGAAddin.connect found.

This fix worked for me on Windows XP w/Office 2003. There are other ways to accomplish this that may be required if using a different version. See the link below for other options.

Note: originally posted here.


April 08 2010 How to fix: New Exchange users not showing up in BES Admin

Recently I created a new user in AD and created a mailbox for the user in Exchange Management Console (Exchange 2007). Immediately afterwards, on our Blackberry Enterprise Server (BES 5), we tried to create a new user (by searching for the new AD user) but it couldn’t see the user. By doing the following, we were able to successfully create the user.

Using Exchange Management Shell, execute this command on the Exchange server:

      Update-GlobalAddressList -Identity "Default Global Address List"

After running the command above, go back to the BES Admin Service (aka BAS), try to search for the user again (Create User > Enter part of their name in the Search Criteria fields > click Search). They likely still won’t show up but you’ll see a new option at the bottom labeled “Refresh available user list from company directory.” Click on that option and you’ll get a notification that the update request has been queued. Wait about 2 minutes before searching again. The user should now show up and allow you to activate them for BES.

The alternative is to wait until BES updates its addressbook…I’m not positive what the update interval is. This procedure should only be necessary if you’re creating a user and then (almost) immediately afterwards trying to activate BES on their account.


January 26 2010 How to disable the BEEP sound in Terminal Services

In the following scenario:

  1. Using Microsoft Terminal Services (Windows 2003 or 2008).
  2. Sound redirection disabled at the server or turned off at the client

Certain system events will still cause the system to ‘beep’ out of the system speaker. Turning off Windows Sound Schemes doesn’t stop the notification beep. Note that this sound is NOT out of the normal soundcard/external speakers but will be out of the internal speaker on the motherboard. If you’re having this problem, you’ll know how incredibly annoying it is. After hours of digging online and trying different scenarios, I stumbled across a fix and have documented it here.

On the terminal server, open Regedit and navigate to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server

Right-click on the ‘Terminal Server’ key on the left, select “New”, then “DWORD Value”. Name the value ‘DisableBeep’, press ‘Enter’ and double-click on it to change the ‘Data’ field. Enter ‘1’ as the ‘Value Data’ and click OK. Close the registry editor and restart the server. You will now have a non-beeping Terminal Server!

DisableBeep Registry Entry



January 17 2010 The quickest way to install Joomla 1.5 on a LAMP server

So I was going to setup a website for my wife’s new gig on my web-server. I created the MySQL database, FTP account and configured Apache accordingly. After downloading the Joomla 1.5.15 tarball and starting the FTP upload to my web-server, I went looking for the Joomla quickstart guide. To my astonishment, the “quickstart” guide is a full 49 pages long. Awesome, to say the least…and not too quick.

Here’s another one of those blog posts that’s mostly self-serving but hopefully helps a few other Joomla hopefuls.

To install Joomla 1.5 on a LAMP (Linux+Apache+MySQL+PHP) server:

  1. Download the tar or zip file from the www.joomla.org website
  2. FTP the contents of the file to your web server
  3. Browse to the URL of your web-server (the URL of where you uploaded it)
  4. Walk through the wizard, enter all information as needed.
  5. Once you’re at the ‘Congratulations’ page, reconnect via FTP and delete the ‘installation’ folder from the server.
  6. That’s it! You can now manage your Joomla site by going to the http://sitename.com/administrator address.

What’s great is that with the newer versions of Joomla, the admin console actually connects to your web-server using FTP to make changes to your config files and to upload Themes/Plugins, etc.. No more chmod’ing files on your web-server!


November 28 2009 How to select which IP version to ping

If you’re trying to ping something by hostname but only want to ping the IPv4 IP address, you’ll sometimes need to specify this when executing the PING command. Example on Win2008 & Vista (pinging the IP server.domain.com)

To ping an IPv4 IP:

 ping server.domain.com -4

To ping an IPv6 IP:

 ping server.domain.com -6