Archive for the ‘Documentation’ Category

How To Remove Jailbreak from iPhone 4s

A couple things I discovered when attempting to remove the jailbreak from my iPhone 4s:

1) You cannot just delete the Cydia icon. When you press down on the icon and all the icons start wiggling, you have no option to press the “x” to delete the icon.

2) If you try to reset the phone by going to Settings/General/Erase All Content and Settings, this process will either never start or never finish. You end up having to hold Power+Home to restart the phone.

So I tried to restore the phone. I was running 5.0.1 and wanted to keep it that way. Now, the simplest way to do it would have been to put the phone in DFU mode and download and restore the latest version of IOS from Apple. However, as I stated, I wanted to try to keep the same version of IOS, 5.0.1 in my case. I downloaded the latest version of redsn0w, unzipped it and ran it. With the phone in DFU mode, I chose Extras/Even More/Identify. This verified that my phone was in DFU mode. Next, I went into Extras/Even More/Restore, clicked IPSW and browsed to the version of IOS I wanted to restore. At this point, you are prompted to browse to the most current version of IOS (5.1.1 in my case). This is required to upgrade the baseband. If you do NOT want to upgrade the baseband, DO NOT DO THIS! Once the latest version of IOS has been identified, you need to tell redsn0w where to find your shsh blobs. I chose remote to pull them from the Cydia servers. Once that is done, click Next and the baseband is upgraded and IOS 5.0.1 is restored. If you want to preserve your baseband, then you need to go the Extras/Custom IPSW route.

Add a Windows 2003 shared printer to a Windows 7 client.

While trying to connect to a shared printer on a Windows 2003 server (32 bit) from a Windows 7 (32 bit) client, I kept getting a “Windows cannot connect to the printer. Operation failed with error 0x0000002.” I stumbled on an interesting little trick to get around this issue.

First, I created the printer locally and allowed Windows 7 to install the appropriate driver. After the printer has been created, I went into the printer Properties and clicked on the Ports tab. Then, Add Port… Select Local Port, and click New Port… Enter the UNC to the printer share name. For example, \\servername\printersharename.

Then, the printer worked and used the Windows 2003 print share. It is not the cleanest solution, but it does get the printer working using the shared printer on the Windows 2003 server.

MacOS – modify hostname from Terminal.

You can use the scutil command to change the hostname of a MacOS computer.

$ hostname
mycomputer.domain.com

$ sudo scutil --set HostName mynewcomputername.domain.com
$ hostname
mynewcomputername.domain.com

Likewise, you can change the ComputerName variable too:

$ sudo scutil --set ComputerName mynewcomputername.domain.com

Windows Logon script from local policy.

I keep forgetting the location of this setting, so I am documenting it so I can find it easily next time.

Tested on Windows 7.

To configure a Windows computer to execute a login script whenever anybody logs in to the machine, you can use the Local Group Policy Editor. From the command prompt or “Search programs and files”, launch the Local Group Policy Editor by entering gpedit.msc. Then, navigate to User Configuration\Windows Settings\Scripts (Logon/Logoff). Double click Logon, and add the script. Note: you can use PowerShell scripts as well, but do that under the PowerShell Scripts tab so the correct command line interpreter is used. Also, if you have user specific portions of the script, you should construct the logic of your script as such. The Logoff option works the same way.

iPhone 3Gs 5.1 06.15.00 Baseband AT&T/Apple unlocked

Last week, I called AT&T to have my iPhone 3Gs unlocked by Apple under AT&T’s new unlock policy. I had already unlocked this phone using Ultrasn0w, but I wanted to see if I would be able to just do the IOS updates using redsn0w and that is it. I have to use redsn0w, because I have baseband 06.15.00 on this phone.

Well, it turned out that yes, I can just use redsn0w, but I still had this annoying issue with MMS. In order to fix that, I needed to jailbreak the phone again.

Here is the procedure I used.

Again, this is an iPhone 3Gs running IOS 5.0.1 baseband 06.15.00 unlocked using ultrasn0w. I called AT&T with my IMEI number and had them send the unlock request to Apple. I got the email pretty quickly from AT&T telling me my phone had been unlocked and that I just needed to restore it to activate the unlock.

Software installed/downloaded:

OS: MacOS Lion 10.7.3
iTunes 10.6.1
iPhone2,1_5.1_9B176_Restore.ipsw
redsn0w_mac_0.9.10b6b.zip

First, connect the phone to your computer using the USB cable.

From iTunes, right mouse click on the phone under DEVICES and select Backup.

With your phone backup complete, create a custom IPSW IOS installation package using redsn0w:

Unzip the redsn0w download, and execute the redsn0w.app.

Select Extras.

Select Custom IPSW, and browse to the location where you saved your IOS 5.1 download (iPhone2,1_5.1_9B176_Restore.ipsw).

On the next screen, select whether you have the old iPhone 3Gs or newer. I have the original 3Gs, so I selected No.

To determine which version you have:
Put the phone in DFU mode. In MacOS Lion, bring up System Information by clicking Apple/About this Mac and selecting System Report. Then, click USB and look for Apple Mobile Device (DFU Mode). Look at the Serial Number line for iBoot. The number following iBoot will help you determine whether your 3Gs is the old version. 359.3 is the old version. Anything above that is the newer version.

This will create a file called NO_BB_OLDROM_iPhone2,1_5.1_9B176_Restore.ipsw. This is the file you are going to use to restore your iPhone from.

Ensure that you have your phone connected to your computer. Put the iPhone in DFU.

Here is the procedure I have used to put the phone in DFU mode:

With the phone on and unlocked, hold the Power and Home button. When the screen goes completely black, count to 2. Then, release the Power button and remain holding the Home button for 10-15 seconds. iTunes will report that the device is in recovery mode. Now, I have done this several times, and have fairly confidently determined that this is not DFU mode. If you try to restore with the phone like this, you will get a 1600 error. This is what I have done consistently the last few times that has worked every time. Once in recovery mode as determined by iTunes, I fire up redsn0w again. Click Extras, and Pwned DFU. This quickly puts the phone in DFU mode, so you can restore your custom IPSW.

Once in DFU mode, go back to iTunes, select your phone from DEVICES, if not already there, and hold the option key and click Restore.

Browse to your newly created custom IPSW file (NO_BB_OLDROM_iPhone2,1_5.1_9B176_Restore.ipsw), and click Open. IOS 5.1 will be installed and the phone will reboot and prompt you to restore settings from a backup or set up the phone as new. Now, because Apple had unlocked my phone, at this point I got the message congratulating me for successfully unlocking my phone.

Cool. Except for one problem. I was hoping that this (new redsn0w + IOS 5.1) would also fix the inability to send MMS messages without using iMessage. Well, it didn’t. I am using a T-Mobile SIM in the phone, so I thought I might try setting Cellular Data APN or the MMS APN to either epc.tmobile.com or wap.voicestream.com. Neither of these worked.

So, I went back to jailbreaking (untethered supported). With the phone connected, I fired up redsn0w again, and this time selected jailbreak. Again, the phone needs to be in DFU mode. This took me a couple tries, because the first time it did not appear to go through the jailbreaking process. But it did the second time.

Once the phone rebooted, I verified that I had the Cydia icon installed. Funny note, it was right back where I had it before I started this process.

I started Cydia, and updated as prompted. I go the developer route, and update everything.

Once updated, and Cydia or the phone was restarted, I navigated to Sources, clicked Edit and Add to add the following repository:

http://beta.leimobile.com/repo

Once the repository was added, I tapped the newly added repository to browse the packages available. I selected MMS Tmobile Fix, and installed it.

Then, I navigated to the phone Settings/General/Network/Cellular Data Network.

Cellular Data APN: epc.tmobile.com
MMS APN: wap.voicestream.com

And that was it. So, I guess in the end, I only got rid of needing Ultrasn0w, but at least I have MMS working and have IOS 5.1.

Finally had to cave in – DNS ACLs.

Platform: CentOS 6 x86_64

I knew when I implemented my split DNS solution years ago that I wanted to try to keep one recursive and open to use for queries. I wanted this more for my convenience (testing, and I could remember my address) when working on issues outside my own network. I knew at the time that I was taking a risk. It seemed like it was more about resources than security. I have two DNSs, but only the one was open to queries without restriction. Well, after probably about 10 years running like this, I finally had a need to add some ACLs and close up my convenient access. I was hit by several very long flurries of requests for isc.org. Because I have such limited bandwidth, it was quickly pretty obvious that something was wrong.

Initially, I looked to my gateway server. And this stumped me for a while, because I detected nothing wrong or any unusual traffic volume. However, a quick trace and look at the DNS logs on my secondary server revealed the requests. They would go on for hours and hours, but they would stop once in a while for a few hours before starting up again.

My initial approach was to block the IP address the queries were coming from, and hope to preserve my convenient access to my own recursive lookup server. I also found this interesting solution using iptables to block any requests to isc.org:

iptables -A INPUT -p udp -m string --hex-string "|03697363036f726700|" --algo bm --to 65535 -j DROP

But this is not practical for me: I use services provided by the Internet Systems Consortium, and I do actually find myself on the site once in a while. While this solution does not really work for me in this case, it certainly prompted me to add this technique to my arsenal for some other situations. All you need to do is convert the domain name to hex and create your iptables statement.
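The hex string in the rule above is the queried name in DNS wire format: each label is prefixed with its length byte and the name ends with a zero byte. The following is an added example, not part of the original post, that builds that string for any name; the function names and the `--dport 53` port filter are assumptions introduced here.

```sh
#!/bin/sh
# Added example: encode a domain name the way it appears inside a DNS
# query (RFC 1035 labels), for use with the iptables string match.

# dns_name_to_hex NAME -> e.g. isc.org becomes 03697363036f726700
# The body is a subshell so the helper variables stay local.
dns_name_to_hex() (
    # Drop a trailing root dot and lowercase: the match is byte-exact.
    name=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    [ -n "$name" ] || { echo "empty name" >&2; exit 1; }
    hex=""
    rest=$name
    while :; do
        label=${rest%%.*}
        len=${#label}
        # A label is 1..63 bytes; IDNs must be given in punycode (ASCII).
        if [ "$len" -lt 1 ] || [ "$len" -gt 63 ]; then
            echo "invalid label in '$1'" >&2
            exit 1
        fi
        # Length byte first, then the label's bytes as hex.
        bytes=$(printf '%s' "$label" | od -An -tx1 | tr -d ' \t\n')
        hex=$hex$(printf '%02x' "$len")$bytes
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   break ;;
        esac
    done
    printf '%s00\n' "$hex"
)

# dns_drop_rule NAME -> prints the iptables command; it does not run it.
# --dport 53 is added here to limit the scan to DNS queries; the rule
# quoted in the post has no port filter.
dns_drop_rule() {
    hex=$(dns_name_to_hex "$1") || return 1
    printf 'iptables -A INPUT -p udp --dport 53 -m string --hex-string "|%s|" --algo bm --to 65535 -j DROP\n' "$hex"
}

# The pattern also occurs inside queries for subdomains (www.isc.org
# ends with the same bytes), so the rule drops those as well.
dns_drop_rule isc.org
```
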

After watching the requests continue to come in despite being dropped at my firewall, I decided that it finally had to come to an end. I gave in and have added the ACLs to my external DNS servers.

In the /var/named/chroot/etc/named.conf:
...
acl "AllowToQuery" {
    // Add subnets I trust to use my DNS for queries.
    aaa.bbb.ccc.ddd/xx;
    eee.fff.ggg.hhh/yy;
    iii.jjj.kkk.lll/zz;
    localhost;
};
...
// Added the ACL after a DDoS attack - repeated queries for isc.org.
allow-query { AllowToQuery; };
...

The allow-query statement was added to my external view, since I am running a split DNS. Having the ACLs set up this way eventually caused the requests to stop.

Trouble copying between ESXi 5.0 servers.

Despite having ssh enabled on both ESXi 5.0 servers, I found that I could copy to the server from a desktop client or non-ESXi server without issue. However, when I wanted to copy between ESXi servers it did not work. It would just time out:

ssh: connect to host la-host04 port 22: Connection timed out

I have discovered that the issue is the Security Profile on each of the ESXi servers. Through the vSphere client, you need to click on the ESXi server, then click on the Configuration tab. From here, select Security Profile, and click on the Firewall Properties …

Then, you just need to check off the SSH Client under Secure Shell. This will open up ssh communication between ESXi servers. You can restrict the settings by accessing the Firewall Settings for any of the services.

UPDATE 1:
To enable from the command line using esxcli:
To list your current configuration:
# esxcli network firewall ruleset list

To enable the sshClient ruleset so that copying over ssh works:
# esxcli network firewall ruleset set --ruleset-id sshClient --enabled yes

To refresh the configuration:
# esxcli network firewall refresh

UPDATE 2:
For ESXi 5.1 Update 1:
# esxcli network firewall ruleset set -e true -r sshClient

How to create an ISO image from a CD/DVD in MacOS

I needed to create an ISO image from a CDR in MacOS Lion. Here is how I was able to do it:

Insert the CD.

Open the Disk Utility.

Click on the mounted CD in the Disk Utility.

Click New Image.

Select “DVD/CD master” for the Image Format.

Encryption: none.

Click Save.

This will create a MacOS-compatible .cdr image. To convert this image so that it is Windows/Linux compatible:

Open Terminal and navigate to where you created your .cdr image.

Enter the following command:

hdiutil makehybrid -iso -joliet -o filename.iso filename.cdr

Create a bootable USB flash drive to install Windows.

Finally, I have discovered a very simple utility from Microsoft to create a bootable USB flash drive to install Windows. I used this to create a Windows 2008R2 installable flash drive, and it works great. However, this utility only seems to work for certain versions of Windows, and only Windows.

http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Win7_usbdvd_dwnTool

Ruby on Rails – CentOS 5.6/5.7

This one presented quite a challenge for me. It seems that the magical solution is using the right versions. There are a number of ways (supposedly) to install ruby on rails. I started out trying to use ruby packages included in CentOS. I quickly realized that was not going to work. It kept running into all kinds of issues with libraries missing or incorrect versions. So then, I opted to just build from source. Well, this got me much closer but I ended up having an openssl issue that I thought I resolved, but the gem command was having all kinds of issues. Something clearly was not right. So, I then went back to using RVM, which I had tried earlier. This time I started completely over with a new HPCloud CentOS 5.6 image. The following is what worked for me.

As I mentioned above, I started with a clean HPCloud CentOS 5.6 image ( ami-000004d2 – local (CentOS 5.6 Server 64-bit) ).

# yum groupinstall "Development Libraries" "Development Tools"

The next step, of course, turned my 5.6 instance into a 5.7 instance:
# yum update
# shutdown -r now

Add the EPEL repository:

# cd /usr/local/src
# wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
# yum install git

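Remove the certificate requirement for curl when installing rvm (this turns off TLS certificate verification for every curl command run by this user, not only the rvm download):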
# echo insecure >> ~/.curlrc

# bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)

# vigr
...
rvm:x:500:root

Update environment variables:
# source /etc/profile.d/rvm.sh

Install other dependencies for ruby determined by running rvm requirements:
# yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison iconv-devel

# rvm install 1.9.2
# rvm use 1.9.2

Note: You can use the following command to make this version the system default:
# rvm use 1.9.2 --default

To verify that all is right at this point:
# type rvm | head -1
rvm is a function

That is the expected output.

# cd $(rvm gemdir)

The following will install the gem command:
# rvm rubygems current

This will allow you to install rails:
# gem install rails

This has allowed me (rails is not needed for this) to install the hpcloud command to manage my Storage Object.

# wget http://build.hpcloud.com/sites/default/files/downloads/hpfog.tar
# tar -xvf hpfog.tar
# wget http://build.hpcloud.com/sites/default/files/downloads/hpcloud.tar
# tar -xvf hpcloud.tar
# gem install hpfog-x.x.x.gem
# gem install hpcloud-x.x.x.gem

# hpcloud
Tasks:
hpcloud account:setup # set up or modify your credentials
hpcloud acl # view the ACL for an object or container
hpcloud acl:set # set a given resource to a canned ACL
hpcloud containers # list available containers
hpcloud containers:add # add a container
hpcloud containers:remove # remove a container
hpcloud copy # copy files from one resource to another
hpcloud get # fetch an object to your local directory
hpcloud help [TASK] # Describe available tasks or one specific task
hpcloud info # info about the HP Cloud CLI
hpcloud list # list container contents
hpcloud location # display the URI for a given resource
hpcloud move # move objects inside or between containers
hpcloud remove # remove an object or container
