Windows Logon script from local policy.

I keep forgetting the location of this setting, so I am documenting it so I can find it easily next time.

Tested on Windows 7.

To configure a Windows computer to execute a login script whenever anybody logs in to the machine, you can use the Local Group Policy Editor. From the command prompt or “Search programs and files”, launch the Local Group Policy Editor by entering gpedit.msc. Then, navigate to User Configuration\Windows Settings\Scripts (Logon/Logoff). Double click Logon, and add the script. Note: you can use PowerShell scripts as well, but do that under the PowerShell Scripts tab so the correct command line interpreter is used. Also, if you have user specific portions of the script, you should construct the logic of your script as such. The Logoff option works the same way.

iPhone 3Gs 5.1 06.15.00 Baseband AT&T/Apple unlocked

Last week, I called AT&T to have my iPhone 3Gs unlocked by Apple under AT&T’s new unlock policy. I had already unlocked this phone using Ultrasn0w, but I wanted to see if I would be able to just do the IOS updates using redsn0w and that is it. I have to use redsn0w, because I have baseband 06.15.00 on this phone.

Well, it turned out that yes, I can just use redsn0w, but I still had this annoying issue with MMS. In order to fix that, I needed to jailbreak the phone again.

Here is the procedure I used.

Again, this is an iPhone 3Gs running IOS 5.0.1 baseband 06.15.00 unlocked using ultrasn0w. I called AT&T with my IMEI number and had them send the unlock request to Apple. I got the email pretty quickly from AT&T telling me my phone had been unlocked and that I just needed to restore it to activate the unlock.

Software installed/downloaded:

OS: MacOS Lion 10.7.3
iTunes 10.6.1
iPhone2,1_5.1_9B176_Restore.ipsw
redsn0w_mac_0.9.10b6b.zip

First, connect the phone to your computer using the USB cable.

From iTunes, right mouse click on the phone under DEVICES and select Backup.

With your phone backup complete, create a custom IPSW IOS installation package using redsn0w:

Unzip the redsn0w download, and execute the redsn0w.app.

Select Extras.

Select Custom IPSW, and browse to the location where you saved your IOS 5.1 download (iPhone2,1_5.1_9B176_Restore.ipsw).

On the next screen, select whether you have the old iPhone 3Gs or newer. I have the original 3Gs, so I selected No.

To determine which version you have:
Put the phone in DFU mode. In MacOS Lion, bring up System Information by clicking Apple/About this Mac and selecting System Report. Then, click USB and look for Apple Mobile Device (DFU Mode). Look at the Serial Number line for iBoot. The number following iBoot will help you determine whether your 3Gs is the old version. 359.3 is the old version. Anything above that is the newer version.

This will create a file called NO_BB_OLDROM_iPhone2,1_5.1_9B176_Restore.ipsw. This is the file you are going to use to restore your iPhone from.

Ensure that you have your phone connected to your computer. Put the iPhone in DFU.

Here is the procedure I have used to put the phone in DFU mode:

With the phone on and unlocked, hold the Power and Home button. When the screen goes completely black, count to 2. Then, release the Power button and remain holding the Home button for 10-15 seconds. iTunes will report that the device is in recovery mode. Now, I have done this several times, and have fairly confidently determined that this is not DFU mode. If you try to restore with the phone like this, you will get a 1600 error. This is what I have done consistently the last few times that has worked every time. Once in recovery mode as determined by iTunes, I fire up redsn0w again. Click Extras, and Pwned DFU. This quickly puts the phone in DFU mode, so you can restore your custom IPSW.

Once in DFU mode, go back to iTunes, select your phone from DEVICES, if not already there, and hold the option key and click Restore.

Browse to your newly created custom IPSW file (NO_BB_OLDROM_iPhone2,1_5.1_9B176_Restore.ipsw), and click Open. IOS 5.1 will be installed and the phone will reboot and prompt you to restore settings from a backup or set up the phone as new. Now, because Apple had unlocked my phone, at this point I got the message congratulating me for successfully unlocking my phone.

Cool. Except for one problem. I was hoping that this (new redsn0w + IOS 5.1) would also fix the inability to send MMS messages without using iMessage. Well, it didn’t. I am using a T-Mobile SIM in the phone, so I thought I might try setting Cellular Data APN or the MMS APN to either epc.tmobile.com or wap.voicestream.com. Neither of these worked.

So, I went back to jailbreaking (untethered supported). With the phone connected, I fired up redsn0w again, and this time selected jailbreak. Again, the phone needs to be in DFU mode. This took me a couple tries, because the first time it did not appear to go through the jailbreaking process. But it did the second time.

Once the phone rebooted, I verified that I had the Cydia icon installed. Funny note, it was right back where I had it before I started this process.

I started Cydia, and updated as prompted. I go the developer route, and update everything.

Once updated, and Cydia or the phone was restarted, I navigated to Sources, clicked Edit and Add to add the following repository:

http://beta.leimobile.com/repo

Once the repository was added, I tapped the newly added repository to browse the packages available. I selected MMS Tmobile Fix, and installed it.

Then, I navigated to the phone Settings/General/Network/Cellular Data Network.

Cellular Data APN: epc.tmobile.com
MMS APN: wap.voicestream.com

And that was it. So, I guess in the end, I only got rid of needing Ultrasn0w, but at least I have MMS working and have IOS 5.1.

Legit unlock after jailbreaking iPhone 4.

AT&T was nice enough to finally allow those of us who have had to pay about $2400 for the privilege of using an iPhone on their network for the last two years the opportunity to unlock our devices. It is about time AT&T stepped up on this one. Well, as soon as I read the statement from AT&T, I was all set. I have a 3Gs and a 4 that I have wanted to unlock since the day they were off contract. As you have seen in one of my previous posts, I have been able to successfully unlock my 3Gs and use it (with a couple minor issues). However, I would really prefer to do it legitimately, and maintain Apple supported updates.

First, about the unlock process. It is actually Apple that does the unlocking. AT&T sends the request to Apple, but Apple actually does it. Once your phone is unlocked, you just need to restore it, and when it goes through what is usually the activation process, it unlocks the phone and presents a message stating as such in iTunes. One thing to note, if you had your phone warranty replaced by Apple, AT&T will need to contact Apple to approve the unlocking. Apple will only unlock the phone if AT&T tells Apple it is ok. I was able to have the AT&T representative place me on hold while she contacted Apple and told them it was approved to make sure the process went smoothly. The AT&T representatives were actually very helpful and a pleasure to deal with. Something I absolutely did not expect. It was a pleasant surprise.

I have been able to successfully unlock my jailbroken iPhone4. I did have some minor complications, but it all stemmed from the fact that my hosts file had been modified (gs.apple.com) during some of my jailbreaking adventures.

I was running 4.3.3 on my iPhone. I restored/upgraded the phone to 5.1, after commenting out the gs.apple.com entry in my /etc/hosts file (MacOSX Lion). Once restored, I got the message in iTunes telling me I had successfully unlocked my phone. So, I have a newly updated iPhone 4 running IOS 5.1 unlocked.

My next challenge is getting my iPhone 3Gs 5.01 baseband 06.15.00 updated to IOS 5.1 unlocked. Unfortunately, I think I have passed the point of no return with that device, because the baseband is an iPad baseband. It was the only way I could unlock the phone at the time. Thanks for that one AT&T.

Finally had to cave in – DNS ACLs.

Platform: CentOS 6 x86_64

I knew when I implemented my split DNS solution years ago that I wanted to try to keep one recursive and open to use for queries. I wanted this more for my convenience (testing, and I could remember my address) when working on issues outside my own network. I knew at the time that I was taking a risk. It seemed like it was more about resources than security. I have two DNSs, but only the one was open to queries without restriction. Well, after probably about 10 years running like this, I finally had a need to add some ACLs and close up my convenient access. I was hit by several very long flurries of requests for isc.org. Because I have such limited bandwidth, it was quickly pretty obvious that something was wrong.

Initially, I looked to my gateway server. And this stumped me for a while, because I detected nothing wrong or any unusual traffic volume. However, a quick trace and look at the DNS logs on my secondary server revealed the requests. They would go on for hours and hours, but they would stop once in a while for a few hours before starting up again.
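One way to pull the repeating requests out of the DNS logs, as an added example that is not part of the original post. The log lines are constructed, the layout assumes BIND 9 query logging, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample lines in the
# assumed BIND 9 query-log layout:
#   DATE TIME client ADDR#PORT: view NAME: query: QNAME CLASS TYPE FLAGS
sample_query_log() {
    cat <<'EOF'
27-Mar-2012 02:10:01.101 client 203.0.113.7#53124: view external: query: isc.org IN ANY +ED
27-Mar-2012 02:10:01.102 client 203.0.113.7#53124: view external: query: isc.org IN ANY +ED
27-Mar-2012 02:10:01.104 client 203.0.113.7#40211: view external: query: ISC.ORG IN ANY +ED
27-Mar-2012 02:10:01.350 client 198.51.100.20#33001: view external: query: www.example.com IN A +
27-Mar-2012 02:10:01.410 client 203.0.113.7#40211: view external: query: isc.org IN ANY +ED
27-Mar-2012 02:10:02.007 client 203.0.113.9#1025: view external: query: isc.org IN ANY +ED
27-Mar-2012 02:10:02.020 client 203.0.113.7#53124: view external: query: isc.org IN ANY +ED
EOF
}

# Read a query log on stdin and print "COUNT CLIENT QNAME QTYPE" for every
# client/name/type combination seen at least $1 times, busiest first.
# Names are lower-cased so ISC.ORG and isc.org count as the same query.
# UDP source addresses can be forged, so CLIENT may be the host receiving
# the answers rather than the real sender.
repeated_queries() {
    awk -v min="$1" '
        {
            c = q = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "client") c = i + 1
                if ($i == "query:") q = i + 1
            }
            if (!c || !q || q + 2 > NF) next   # not a query line
            addr = $c
            sub(/#.*/, "", addr)               # drop the "#port:" suffix
            seen[addr " " tolower($q) " " $(q + 2)]++
        }
        END {
            for (k in seen)
                if (seen[k] >= min) print seen[k], k
        }
    ' | sort -rn
}

# Report anything asked three or more times in the sample.
sample_query_log | repeated_queries 3
```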

My initial approach was to block the IP address the queries were coming from, and hope to preserve my convenient access to my own recursive lookup server. I also found this interesting solution using iptables to block any requests to isc.org:

iptables -A INPUT -p udp -m string --hex-string "|03697363036f726700|" --algo bm --to 65535 -j DROP

But this is not practical for me, since I use services provided by the Internet Systems Consortium and do actually find myself on the site once in a while. While this solution does not really work for me in this case, it certainly gave me something to add to my arsenal for some other situations. All you need to do is convert the domain name to hex in DNS wire format (each label preceded by a byte giving its length, with 00 at the end) and create your iptables statement.
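The conversion behind that hex string, as an added example that is not part of the original post (function names are hypothetical). It also checks which other names the same byte pattern would catch, and prints a rule limited to UDP port 53 rather than running it.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the DNS wire-format QNAME for $1 as space-separated hex bytes:
# each label is preceded by its length byte and the name ends with 00.
dns_wire_bytes() (
    name=${1%.}                        # accept "isc.org." and "isc.org"
    case $name in
        ''|.*|*.|*..*|*[!A-Za-z0-9._-]*)
            echo "bad name: '$1'" >&2; exit 1 ;;
    esac
    [ "${#name}" -le 253 ] || { echo "name too long" >&2; exit 1; }
    out=
    rest=$name.
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        rest=${rest#*.}
        [ "${#label}" -le 63 ] || { echo "label too long" >&2; exit 1; }
        out="$out $(printf '%02x' "${#label}")"
        out="$out $(printf '%s' "$label" | od -An -tx1)"
    done
    echo $out 00                       # unquoted: collapses od's spacing
)

# The same bytes in the |hex| form that --hex-string expects.
dns_hex_string() {
    bytes=$(dns_wire_bytes "$1") || return 1
    printf '|%s|\n' "$(printf '%s' "$bytes" | tr -d ' ')"
}

# Print (not run) a DROP rule for $1. Unlike the rule quoted in the post,
# this one is limited to UDP port 53.
dns_drop_rule() {
    hex=$(dns_hex_string "$1") || return 1
    printf 'iptables -A INPUT -p udp --dport 53 -m string --hex-string "%s" --algo bm --to 65535 -j DROP\n' "$hex"
}

# Succeeds when the byte pattern for $1 occurs inside the encoding of $2,
# meaning a rule built for $1 also drops queries for $2. The comparison is
# byte-exact, as the string match is, so letter case matters.
pattern_covers() {
    pat=$(dns_wire_bytes "$1") || return 2
    other=$(dns_wire_bytes "$2") || return 2
    case " $other " in *" $pat "*) return 0 ;; *) return 1 ;; esac
}

dns_drop_rule isc.org
pattern_covers isc.org www.isc.org && echo "www.isc.org is dropped as well"
pattern_covers isc.org ISC.ORG || echo "ISC.ORG is not matched"
```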

After watching the requests continue to come in despite being dropped at my firewall, I decided that it finally had to come to an end. I gave in and added the ACLs to my external DNS servers.

In the /var/named/chroot/etc/named.conf:
...
acl "AllowToQuery" {
    // Add subnets I trust to use my DNS for queries.
    aaa.bbb.ccc.ddd/xx;
    eee.fff.ggg.hhh/yy;
    iii.jjj.kkk.lll/zz;
    localhost;
};
...
// Added the ACL after a DDoS attack - repeated queries for isc.org.
allow-query { AllowToQuery; };
...

The allow-query statement was added to my external view, since I am running a split DNS. Having the ACLs set up this way eventually caused the requests to stop.

Trouble copying between ESXi 5.0 servers.

Despite having ssh enabled on both ESXi 5.0 servers, I found that I could copy to the server from a desktop client or non-ESXi server without issue. However, when I wanted to copy between ESXi servers it did not work. It would just time out:

ssh: connect to host la-host04 port 22: Connection timed out

I have discovered that the issue is the Security Profile on each of the ESXi servers. Through the vSphere client, you need to click on the ESXi server, then click on the Configuration tab. From here, select Security Profile, and click on the Firewall Properties …

Then, you just need to check off the SSH Client under Secure Shell. This will open up ssh communication between ESXi servers. You can restrict the settings by accessing the Firewall Settings for any of the services.

UPDATE 1:
To enable from the command line using esxcli:
To list your current configuration:
# esxcli network firewall ruleset list

To enable sshClient to enable copying using ssh:
# esxcli network firewall ruleset set --ruleset-id sshClient --enabled yes

To refresh the configuration:
# esxcli network firewall refresh

UPDATE 2:
For ESXi 5.1 Update 1:
# esxcli network firewall ruleset set -e true -r sshClient

How to create an ISO image from a CD/DVD in MacOS

I needed to create an ISO image from a CDR in MacOS Lion. Here is how I was able to do it:

Insert the CD.

Open the Disk Utility.

Click on the mounted CD in the Disk Utility.

Click New Image.

Select “DVD/CD master” for the Image Format.

Encryption: none.

Click Save.

This will create a MacOS-compatible .cdr image. To convert this image, so that it is Windows/Linux compatible:

Open Terminal and navigate to where you created your .cdr image.

Enter the following command:

hdiutil makehybrid -iso -joliet -o filename.iso filename.cdr

Create a bootable USB flash drive to install Windows.

Finally, I have discovered a very simple utility from Microsoft to create a bootable USB flash drive to install Windows. I used this to create a Windows 2008R2 installable flash drive, and it works great. However, this utility only seems to work for certain versions of Windows, and only Windows.

http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Win7_usbdvd_dwnTool

Ruby on Rails – CentOS 5.6/5.7

This one presented quite a challenge for me. It seems that the magical solution is using the right versions. There are a number of ways (supposedly) to install ruby on rails. I started out trying to use ruby packages included in CentOS. I quickly realized that was not going to work. It kept running into all kinds of issues with libraries missing or incorrect versions. So then, I opted to just build from source. Well, this got me much closer but I ended up having an openssl issue that I thought I resolved, but the gem command was having all kinds of issues. Something clearly was not right. So, I then went back to using RVM, which I had tried earlier. This time I started completely over with a new HPCloud CentOS 5.6 image. The following is what worked for me.

As I mentioned above, I started with a clean HPCloud CentOS 5.6 image ( ami-000004d2 – local (CentOS 5.6 Server 64-bit) ).

# yum groupinstall "Development Libraries" "Development Tools"

The next step, of course, turned my 5.6 instance into a 5.7 instance:
# yum update
# shutdown -r now

Add the EPEL repository:

# cd /usr/local/src
# wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
# yum install git

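Remove the certificate requirement for curl when installing rvm. This appends the setting to ~/.curlrc, so certificate verification stays off for every curl run by this user until the line is removed: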
# echo insecure >> ~/.curlrc

# bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)

# vigr
...
rvm:x:500:root

Update environment variables:
# source /etc/profile.d/rvm.sh

Install other dependencies for ruby determined by running rvm requirements:
# yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison iconv-devel

# rvm install 1.9.2
# rvm use 1.9.2

Note: You can use the following command to make this version the system default:
# rvm use 1.9.2 --default

To verify that all is right at this point:
# type rvm | head -1
rvm is a function is the expected output.

# cd $(rvm gemdir)

The following will install the gem command:
# rvm rubygems current

This will allow you to install rails:
# gem install rails

This has allowed me (rails is not needed for this) to install hpcloud command to manage my Storage Object.

# wget http://build.hpcloud.com/sites/default/files/downloads/hpfog.tar
# tar -xvf hpfog.tar
# wget http://build.hpcloud.com/sites/default/files/downloads/hpcloud.tar
# tar -xvf hpcloud.tar
# gem install hpfog-x.x.x.gem
# gem install hpcloud-x.x.x.gem

# hpcloud
Tasks:
hpcloud account:setup # set up or modify your credentials
hpcloud acl # view the ACL for an object or container
hpcloud acl:set # set a given resource to a canned ACL
hpcloud containers # list available containers
hpcloud containers:add # add a container
hpcloud containers:remove # remove a container
hpcloud copy # copy files from one resource to another
hpcloud get # fetch an object to your local directory
hpcloud help [TASK] # Describe available tasks or one specific task
hpcloud info # info about the HP Cloud CLI
hpcloud list # list container contents
hpcloud location # display the URI for a given resource
hpcloud move # move objects inside or between containers
hpcloud remove # remove an object or container

Serial console saga … again.

This doesn’t come up for me very often, but when it does, it is always a pain. Well, I finally had enough … again. I needed a serial console connection much like those needed for network equipment (routers, switches, etc). Last time, I was determined not to use HyperTerm, one of the worst applications (Why is this still in the documentation for these devices?). I decided to approach it from a linux client, instead of Windows. I happily used minicom in linux, until today when I needed to upload firmware to a SAN controller using XMODEM 1K. It would not work no matter what I tried including adding -k to the sw command.

So, back to Windows I went. I tried putty, because it is light and no installation is required. However, putty does not support XMODEM at all. Nonetheless, putty provides great quick console access.

Next, I tried Tera Term VT, and this worked well. Got connected right up to the console, and it seems to support XMODEM 1k as well. I have been able to transfer the firmware to the controller, however, the firmware is not installing despite saying that the download was successful. It looked so promising too.

Initial @HPCloud observations.

I posted my initial thoughts or observations about @hpcloud as a comment on my google+ account.
