New website coming soon
Posted by madao666 in Uncategorized on February 11, 2013
Hey all, I have decided to take my site off of wordpress, I found that the hosting package is a little bit limited, excuse the stagnation of the site till I can get something working again… Good news is I have two short stories in the works…
In The Mouth Of Madness
So new year has happened. the world did not end, zombies did not crawl out of their graves and terrorise the world. I found myself picking out an old friend from book shelf; Brian Lumley’s ‘The Burrowers Beneath’. This tale of terror visits H.P Lovecraft’s vision of horror where vast god like beings sleep within the depths of the Earth waiting for the right time to take back what is theirs and destroy humanity (or at least drive it insane) One of the first books I ever read of Lovecraft was called Dagon, the first few lines spoke of a man who was writing his last words before he his demise, for an instant I thought that it was truly that the man writing down in these pages was his last words. The style and prose forever changed my views on modern literature and set the benchmark for storytelling.
Having found little time in the last two years to read any fiction it was pure pleasure to pick a book up just for the sake of reading, only having some spare short moments to read I managed to finished ‘The Burrowers Beneath’ over the span of a week, although I have the rest of the series available I am tempted to go back and read some actual Lovecraft books. I have also dusted off some of my old (and most cherished) horror movies and watched a few of them. These stories have have made me think back to younger times and also to think back on writing. So in the previous weekend I started thinking of a new short story and came up with a few ideas for a dreadful tale, The setting for this tale is in the fictional town of Anchor set within the Blue Mountains of Australia, some of the Lovecraftian themes will be central to the area. I hope to post more details but it is still early and I am researching. I leave you know with a quote from Mary Shelley ‘ I busied myself to think of a story, —a story to rival those which had excited us to this task. One which would speak to the mysterious fears of our nature, and awaken thrilling horror—one to make the reader dread to look round, to curdle the blood, and quicken the beatings of the heart.’
Setting up the windows side of opennms monitoring with WMI
At work we use opennms monitoring (http://www.opennms.org/) to monitor the vast amounts of infrastructure that we have to take care of, generally the system works fairly well, however SNMP for windows based systems is lacking unless you use a third party snmp plugin, unfortunately the documentation for ONMS is very lacking on how to actually set up a reasonably secure user credentials and GPO practices for domain based wmi monitoring.
This document assumes that you have some basic knowledge of windows systems.
—update—
I have found several issues with this system, I will update this document when my examinations have been complete, I suggest that you test this out on your test systems before you deploy it, this may not work on clustered hyper-v systems and systems with IIS (maybe) ill update as more information comes up.
–update–
Install WMI SNMP provider
To install the SNMP Provider
- Open Server Manager and go to features
- Select Add Features
- Select SNMP Services (SNMP Service, SNMP WMI Provider)
- Follow Prompts.
Group membership, security policy assignments and permissions
1. Create domain user (wmiuser)
2. Create a group (wmigroup)
3. Place wmiuser into this newly-created group.
4. Put the newly created wmigroup into the following domain groups:
- Performance Log Users
- Distributed COM Users
- Certificate Service DCOM Access
- Performance Monitor Users
5.: Run one of the following three Microsoft Management Console (MMC) snap-ins, I recommend creating a new GPO specifically for this, assign wmigroup and domain computers to the access rights of the policy
- the Local Security Policy snap-in (
secpol.msc) for member servers, or - the Default Domain Security Policy snap-in (
dompol.msc) if you wish to configure these settings domain-wide as a GPO, or - the Default Domain Controller Security Settings snap-in (
dcpol.msc) if you wish to assign the rights only on domain controllers.
6. Once the snap-in is started, expand Security Settings, then Local Policies, and finally User Rights Assignment.
7. Assign your new group at least the following rights:
- Act as part of the operating system
- Log on as a service
- Replace a process level token
8. Exit the Policy Settings utility.
Distributed Component Object Model rights assignments
Now, you must configure DCOM security for wmigroup.
1. Run Component Services by selecting Start -> Administrative Tools -> Component Services.
2. Once there, expand Console Root, then Computers, and finally My Computer. Right-click on My Computer and select Properties…
3. In the window that appears, click on the COM Security tab.
4. Under Access Permissions, click Edit Limits.
5. Review that the Distributed COM Users group has all items checked under Allow.
6. (optional) Add the wmi group to this list and ensure that they have full Allow access as well.
Note: This step is not required, since the wmi group is a member of Distributed COM Users.
7. Once you’ve reviewed the presence of Distributed COM Users, or added the wmi group, click OK to save your changes and be returned back to the COM Security tab.
8. Now, under “Launch and Activation Permissions”, click Edit Limits.
9. Like with the “Access Permissions” window, you are presented with a list of groups and permissions. You need to make sure that the Distributed COM Users group has all items checked under Allow.
10. (optional) Add the wmi group here, and assign full Allow access.
Note: This step is not required, since the wmi group is already a member of Distributed COM Users.
11. Click OK to save your changes.
12. Exit the Component Services utility.
WMI namespace security assignments
Next, set WMI namespace security so that the wmi group has access to WMI objects.
1. From the Start menu, select Run…, and in the window that opens, type in wmimgmt.msc in the “Open:” field and click OK.
2. Once there, right-click on WMI Control (Local) and click Properties.
3. Click on the Security tab.
4. Click on the Security button at the bottom right of the window. This action edits the security settings for the Root WMI namespace.
5. You’ll now see a window that has the security settings for WMI on this machine. Click Advanced…
6. You’ll now see the Advanced security settings for this WMI namespace. Add the wmi group to the list, and give at least the following “Allow” permissions:
- Execute Methods
- Enable Account
- Remote Enable
- Read Security
Note: Make sure that these permissions apply to this namespace and all the namespaces under it. Do that by selecting This namespace and subnamespaces in the dropdown box above the permissions list window.
7. Click OK to save the new permissions.
8. Then, click OK again to exit out of the Advanced Security Settings.
9. Click OK a third time to exit the security properties.
please note that changes to the user will usually require a server reboot before these settings take effect.
WMI related Firewall ports for Opennms
The following ports should be opened if there are any firewalls between your monitoring system and your servers
DCOM Dynamic Range (5000-5100)
HTTP
MS-RPC-EPM (135)
Rdesktop (3389)
SMB (139 and 445)
Configuration of default port usage via GPO with Registry key
For added security of not having to deal with a dynamic range of ports that WMI use, you can limit it with this registry file, I recommend deploying this via GPO to ensure that all your servers have the same settings.
To set the default ports for all the servers via gpo a registry key file needs to be imported to all the machines
example file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
“PortsInternetAvailable”=”Y”
“UseInternetPorts”=”Y”
“Ports”=hex(7):35,00,30,00,30,00,30,00,2d,00,35,00,31,00,30,00,30,00,00,00,00,\
00,00,00
this registry key will set default ports as per MS article 217351
the KB recommends that a min of 100 ports above 5000 should be set for use, this registry key will set ports 5000-5100 for use on the systems.
to manually import this copy above lines into a .reg file and execute, for windows core create the file and run regedit /s blah.reg.
Hope this helps.
One more week..
So one more week to go and ill be having a jam session with my mates, I hope all this practice I have done will pay off. I know that at the very least it will a heap of fun.
So far we have all agreed to learn two songs (covers) Heaven and Hell, by Black Sabbath (DIO) and Anarchy in the UK (Sex Pistols) Both songs are quite fun, we are still missing a drummer however and it will be a little difficult because of this, but I am sure we will have a lot of fun.
Ray Bradbury has passed away
Posted by madao666 in Uncategorized on June 7, 2012
http://news.slashdot.org/story/12/06/06/1455234/ray-bradbury-has-died
This is a very sad time, when I read 451 ithad a deep impact on me, what sort of a society would burn books, when will it be a social norm for having a team who can pump your stomach 24/7, we have people today trying to legitimize drug use. We don’t have any fun parks where people can go to break things and be as violent as they can be. But I am sure that it’s only a matter of time.
Music Practice
So over the last week, I have kept to it and have practiced my bass guitar for at least twenty minutes a night. I have seen some minor improvement but more of a wall with with the only way to climb it is hard work and diligence.
an example of a typical study routine:
- Warm up (basic fretwork doodling) — more on this later
- Scales (concentrate on a type of scale don’t go to fast work on perfection not speed)
- Arpeggio (again not to fast, keep up a normal pace and focus on fretwork and the tones)
- Song -pick a song that you enjoy and practice it in parts, work on the chorus until you can play it perfectly then move on. make sure you listen to the song and take your time with it, breaking it down into parts makes it easier to see the big picture and it is not as daunting, make sure you take note of the timing, listen to the drums and try to get a feel when and why the guitarists do flourishes in their music.
Xen, cloudstack setup
Posted by madao666 in Uncategorized on June 4, 2012
Hey guys, over the next few days ill be writing up a few words on setting up a small ‘cloud’ instance with xen and cloud stack.
being very interested in Virtualisation solutions I hope to increase the amount of information on this site about virtualisation as well as info on music and perhaps some creative writing (odd mix no?)
Talk to you all soon!
Tonights practice
Posted by madao666 in Uncategorized on May 24, 2012
Things have went well. I spent thirty minutes practicing two C arpeggio positions and I also ran through a part of the song I am having trouble with (heaven and hell by black sabbath) hopefully I can do at least the same tomorrow, going to work out a schedule with a cool program I found, I’ll try to post the schedule as soon as I can
Learning Music
So I have been playing my Bass guitar on and off now for a couple of years, it has been one of the most enjoyable things I have ever picked up. I have to say almost an addiction, however besides from learning a new songs and making some random noises on it, I really do not have any sort of musical training behind me, over the next couple of months I plan to change this and perhaps blog about it. What I hope to achieve:
- Sight read musical notation
- Learn basic scales and arpeggio technique for chords
- Repair and maintain my bass guitars
- Write my own music and improvisations
- Ear training
I have started working on the scales and arpeggio’s for now, and I have seen a very bung up Squire pbass for sale at a local pawn shop which is going cheap. So I am thinking of purchasing that and pulling it apart to see how it works.
Ill keep this updated with progress and perhaps some music theory, hopefully I can become a better musician and post some stuff up for the world to listen to.
