Recovering From a Corrupt NetInfo Database on OSX.4

I managed to corrupt my NetInfo database on an OS 10.4 server a few weeks ago by not cleanly unmounting the drive after booting from DVD and resetting the admin password. Long story short, this left me with no users on the system at all. With no users, I could not log in to create one, so I had to blow away the NetInfo database and restore it to factory defaults. This should only be done when you only have a small number of users, and don’t mind having to re-create them. Only the user account information is deleted, and the user directory is retained, but you will have to manually add any users you may have back into the system through the GUI, making sure that the new “user” references the old “user’s” account directory.

If you have more than just one or two users, you should use the procedure to recover from one of your NetInfo database backups. A backup of your this database is made at 3:15 every day so long as the computer is running. It is stored in “/var/backups/”, and here are some instructions on how to recover it from it. If, however, you don’t care about re-adding users, and simply want to get into your system quickly, or if you don’t have a backup to restore from, here is how you can do it:

BEWARE: THIS WILL COMPLETELY ERASE ALL USER ACCOUNT INFORMATION FROM THE SYSTEM!!! You are warned.

1) Start by booting your Mac into single user mode. To do this, hold down both the “Apple” and the “s” keys as the system boots.

2) The system will have mounted the “/” filesystem read-only to protect against data loss. To get “/” mounted read-write, we have to run two commands:

# /sbin/fsck -fy

# /sbin/mount -uw /

3) Now “/” is mounted read-write, so we can start with the real work. First, rename your existing NetInfo database to something else so the OS will not see it on the way up:

# mv /var/db/netinfo/local.nidb /var/db/netinfo/local.nidb.bad

# mv /var/db/netinfo/network.nidb /var/db/netinfo/network.nidb.bad

4) Next, remove the “.AppleSetupDone” file so the OS will kick you back into the installer upon boot and you can recreate your users.

# rm /var/db/.AppleSetupDone

5) Finally, reboot your system and recreate your users, making sure they are pointed towards their existing account directories.

# reboot

Is Digg Broken?

Digg is a community-based website that allows its registered users to submit stories or articles that they feel might be of interest to others. Once submitted, the story appears as a link to the original source as well as a short description of the content. Other registered Digg users can then evaluate the content and either “Digg” or “Bury” the story depending on if they find it interesting or not. The theory is that those stories that get “Dugg” a lot will end up on the front page, while those that do not will vanish into obscurity.

The idea of having users rank content is a good one, but unfortunately Digg does not seem to work this way, which brings me to the point of this article. Digg is broken. Deliberately or not, it is failing to function in three very important ways:

1) Digg is censorship:
The way Digg figures out which story to promote to the front page is not based as much on how many people have “Dugg” it as it is on which particular user “Dugg” the story to begin with. If you are a user that is very active within the Digg community and have “Dugg” a large number of stories that end up being popular, the stories you “Digg” are far more likely to end up on the front page than stories that get “Dugg” by new users with no reputation.

Why is this a problem? Because when you go to Digg, you are only seeing links that a relatively small, elite group of Digg users want you to see. The vast majority of stories that get “Dugg” end up being relegated to obscurity because they were “Dugg” by average, everyday users and not the Digg elite.

2) Digg users are nasty:
When a story gets “Dugg” users have the ability to comment on it. Not only are these comments usually of little to no actual value, but they are often cruel and nasty as well. For a case in point look here.

The “Dugg” story reads:
When a California woman recently gave birth to a healthy baby just two days after learning she was pregnant, the sudden change to her life was challenging enough. What April Branum definitely didn’t need was a deluge of nasty Internet comments.
Nasty Digg user “Antifreese11″ commments:
wow legal action for voicing our opinions. what the fu** is America coming too. And really, they are trying to get us to sympathize with a fat slob who didn’t realize she was pregnant for 9 months? What kind of piece of sh** article is this. This is the most ridiculous thing i have read all week.

I’m the first to defend free speech, but the nasty comments that are so pervasive in Digg does not build community; it destroys it! What I don’t think these mean-spirited commenters realize is that such harsh words actually serve to silence people, taking away their voice that is protected by the first amendment. They don’t comment because they don’t want to deal with the angry, childish comments spewed fourth by many Digg users.

3) Digg readers generate traffic that is of minimal use to web publishers:
Having a story show up on the front page of Digg can generate an amazing amount of traffic to the author’s website. As a rule, this is a wonderful thing for any web publisher, but not so with Digg. The reason for this has to do with the way many sites earn money. Web publishers often make use of advertising on their site such as Google’s Adsense or Yahoo’s YPN. These ad services present visitors with contextual ads that they can click on should one of them seem useful. Each time a visitor clicks on an ad, the owner of the website earns some money for the referral.

Digg users almost NEVER click on ads!

I am in a position to have the actual statistics for three individual sites that use advertising and have had stories appear on the front page of Digg.

CTR stands for “Click Through Ratio” and is a measure of what percentage of visitors click through on an ad.
ECPM is a measure of an ad’s effective earnings per thousand impressions.


Example #1
Average CTR and ECPM:         CTR = 3.03%         ECPM = $2.57
CTR and ECMP on Digg day:     CTR = 0.79%         ECPM = $1.10

Example #2
Average CTR and ECPM:         CTR = 2.93%         ECPM = $1.35
CTR and ECMP on Digg day:     CTR = 0.86%         ECPM = $0.67

Example #3
Average CTR and ECPM:         CTR = 4.12%         ECPM = $3.80
CTR and ECMP on Digg day:     CTR = 0.28%         ECPM = $0.47

Which ads are shown to visitors and how Google or Yahoo decides which sites get the best paying ads to present is proprietary technology, but there seems to be a correlation with higher paying ads being presented on sites that have a high CTR. When a story gets “Dugg” the overall traffic goes WAY up, but the CTR goes WAY down, meaning Adsense or YPN most likely conclude the ads that are being presented are not targeting correctly. The theory goes that they then change out the higher paying ads that are being presented for lower paying ones so they can try to get them targeting well again. This is disastrous for the web publisher because the ads often don’t start performing well again for several days, even after the Digg traffic dies down.

To be fair, however, it is important to note that traffic is traffic and anytime a large number of people read a story the author is much more likely to receive incoming links, resulting in the all-important increase to Google rank. Still, one has to consider if gaining a few incoming links is worth the other headaches that come with being “Dugg”. Many people, for instance, experience major problems with their hosting provider when they receive all the traffic that Digg generates.

Digg is not pure evil, and despite all its problems, the service does seem to offer some value to its readers. I do have to call into question, however, the wisdom of web publishers making an effort to get onto Digg’s front page. I would conclude by strongly encouraging the architects of Digg to think long and hard about their strategic goals. The internet works best when it is used as a leveler to give everyone a voice on an even playing field. Digg’s tendency to reward its elite users, while silencing those who are less active runs counter to this principle and indicates serious moral problems with its design.

RHEL Winbind Authentication Against Active Directory

So you have a RHEL system and you want to authenticate it against your active directory. The good news is that Red Hat has made it easy for you to do this. The bad news is that they only get the most basic structure working for you. Here I will show you how to get WinBind authentication working using Authconfig, and how make it a little more seamless than this utility leaves it off.

It should be noted that while this works perfectly well, it is really not the best way to authenticate users against a UNIX host. Given the option, having your users in Open Ldap and PAM authenticating them against that would be a much better option. However, we don’t live in a perfect world, and sometimes we just have to make things work.

Let’s start by using authconfig to join your machine to the domain. This should all be done as the root user.

# authconfig

  • Select “Use Winbind” and Use “Winbind Authentication”. Remember to leave “Cache Information”, “Use MD5 Passwords” and “Use Shadow Passwords” selected.
  • Select “Next”
  • Under “Security Model” select “ads”
  • “Domains:” examplead (substatute with the name of your Active Directory)
  • “Domain Controllers:” adserver.domain.com (Again, substitute with the name of your Active Directory server)
  • “ADS Realm:” ADSERVER.DOMAIN.COM
  • “Template Shell:” /bin/bash
  • Select “Join Domain”
  • Select “OK”

Now your machine should be be on the domain. Test it to make sure you can see your AD users:

# wbinfo -u

You should see your users in the list.

The only problem is that to do anything with them, you have to express their user name in that annoying way Windows likes you to. Something like this:

“EXAMPLEAD\\username”

Not very usefull. To get around this, simply edit “/etc/samba/smb.conf” and change this line:

winbind use default domain = no

to this:

winbind use default domain = yes

You should now be able to express AD usernames without the domain nonsense before it. Try it:

# finger username
Login: username                            Name: Username
Directory: /home/EXAMPLEAD/username        Shell: /bin/bash
Never logged in.
No mail.
No Plan.

Finally check your “/etc/nsswhich.conf” file to make sure RHEL knows to use WinBind. Authconfig should have set this up for you, and it should have lines that look like this:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

That should do it you should be able to create home directories for all your AD users and let them authenticate away. Have fun.

Using Sort to List Directories by Size

If you manage a UNIX system with a large number of directories that vary in size, chances are that you’ve needed to figure out which ones are using up the most disk space. Of course if the directories are user accounts, the best way to do this is to enable quotas and use the “repquota” command. If you just have a bunch of directories, however, you can easily figure out which ones are largest by giving the correct arguments to “du” and “sort”. Here is how:

du -sk * | sort +0nr

This will display the size of all directories and sort them from largest to smallest. If you want to sort them from smallest to largest, simply remove the “r”.

du -sk * | sort +0n

If you have nested directories, you will need to incorporate foreach to recurse through and get all the directory names.