After having to look this up a third time, I found . I made a copy here.
In short, Microsoft fucked up and you're left with the command line to do this, unless the wireless network is in range.
The following commands list all the WIFI networks you have stored, and removes the one called "Old Network":
netsh wlan show profiles netsh wlan delete profile name="Old Network"
See Vonnie's blog for more details.
It seems VMware has removed the GUI for the disk shrink feature in VMware Tools, but the good news is it's still available from the console.
The following command will shrink the disk image for drive C:
C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe disk shrink c:\
When changing your password on a samba (Linux) server, the tokens a Windows machine holds get invalidated, yet Windows does not automatically prompt for new credentials. Instead, it consistently says "access denied" when trying to access a previously available share, say, \\myfineserver\share
If you previously mapped this drive, disconnecting is trivial in explorer, but if you browsed the network to access this drive, it's not that straight forward.
There is a solution, however, which is roughly equivalent to nuking the site from orbit. Running the following commands will clear all current network credentials:
net use * /del /yes net use /persistent:no
The simplest way I've found so far:
Edit /etc/xdg/lxsession/LXDE/autostart to append:
@xset -s off
@xset s noblank
- Download Cygwin (http://www.cygwin.com/)
- Install Cygwin, selecting the autossh package.
- Start the Cygwin shell (Start -> Programs -> Cygwin).
- Generate a public/private key pair.
- At the command line, run: ssh-keygen
- Accept the default file locations
- Use an empty passphrase
- Copy your newly-created public key to the SSH server.
- scp .ssh/id_rsa.pub email@example.com:id_rsa.pub
- Add your public key to your list of authorized keys on the server.
- Login to your SSH server.
- mkdir .ssh
- cat id_rsa.pub >> .ssh/authorized_keys
- Test your key.
- Logout of your SSH sever.
- Login to your SSH server again. This time, your key will be used for authentication and you won't be challenged for your login credentials. If you are not logged in automatically, review the previous steps. Or contact your server administrator.
- Logout of your SSH server.
- Exit of the Cygwin shell.
- Install autossh as a Windows service.
- Now back in Windows, open a new command Window (Start -> Run -> cmd).
- cd C:\cygwin\bin
- cygrunsrv -I AutoSSH -p /usr/bin/autossh -a "-M 20000 -L localaddress:port:serveraddress:port firstname.lastname@example.org" -e AUTOSSH_NTSERVICE=yes
- Tweak Windows service settings.
- Open the Services management console (Administrative Tools -> Services).
- Edit the properties of the AutoSSH service.
- In the "Log On" tab, select the "This account" radio button and set the service to run as your current user.
- Start the service.
- Test your tunnels.
- Consider making a scheduled task to start the service every hour or so, in case autossh goes boom.
On this thin client I've set up, I wanted pulseaudio to run before logging in, and not have any specific users on the machine. System mode was called for.
On Wheezy, pulseaudio is by default configured for per-user sessions. To remedy this, edit /etc/default/pulseaudio, putting PULSEAUDIO_SYSTEM_START=1
Then, edit /etc/pulse/system.pa - this is the file that configures the server when system mode is used, as opposed to /etc/pulse/default.pa. At the end of said file, I added two lines and some comments:
### Enable TCP and CLI load-module module-native-protocol-tcp port=1500 auth-anonymous=1 load-module module-cli-protocol-unix
Please keep in mind that the above tcp line allows access from any host. This is a potential security problem. I restrict access using shorewall and iptables, but an alternative would be the auth-ip-acl option with a list of approved IP's. More here. Restart pulseaudio:
/etc/init.d/pulseaudio start /etc/init.d/pulseaudio restart
The above restart includes "start", because pulseaudio's default script does not start it on "restart" unless it's not already running. Stupid.
Because pulseaudio now runs as the "pulse" user, commands like pacmd are a pain to use. However, as we made sure to load module-cli-protocol-unix above, they are actually usable, you just have to run them as the "pulse" user, and point it at the correct directory.
sudo PULSE_RUNTIME_PATH=/var/run/pulse -u pulse pacmd
To get access to playing sound, you now need to run anything as "pulse"... or you can simply use the TCP socket you made. Edit /etc/pulse/client.conf and set "default-server" to "localhost:1500" or similar:
default-server = localhost:1500
Now set up SSH port forwarding for port 1500, or whichever port you used above, with something like autossh and public key logins, and you've got remote sound playing over an encrypted tunnel. Neat.
Remember to set the default-server for client computers as well.
On my Debian KVM hosts, and on the firewalls that guard them, I noticed that every two minutes, plus a couple seconds or so each time, I'd see blocked IGMP packages from 0.0.0.0 to 18.104.22.168. Googling around, I found this post, explaining that it's the multicast_snooping option for bridge-utils that's causing it. Being KVM hosts, they are indeed configured with bridges.
I added the following line to my Bash startup scripts in /etc/rc.local, and the issue is now gone:
( shopt -s nullglob; for ms in /sys/devices/virtual/net/br*/bridge/multicast_snooping; do echo -n 0 >"$ms"; done )
In short, it runs a subshell, sets the nullglob option to prevent running on a file with an asterisk in the name if no bridges were found, then puts a 0 into all found multicast_snooping configuration files. Problem solved!
Note: If you use virtual interfaces, those are in /sys/devices/virtual/net/virbr and require the same treatment.
Programs like virt-manager and gedit commonly use dbus. Dbus running will prevent a clean exit of ssh -X, making it hang on exit until you press ctrl+c or kill dbus manually.
To avoid having to kill dbus manually, let's kill it automatically
Now, normally if I want to run virt-manager (or anything else graphical) on a remote machine with X forwarding, I'd use a command like
ssh -X root@remote-server virt-manager
Instead, I want to use dbus' ability to output sh-compatible commands to set invironment variables and kill the PID I get from that before exiting, like so:
ssh -X root@remote-server 'eval $(dbus-launch --close-stderr --sh-syntax); virt-manager --no-fork; kill -TERM $DBUS_SESSION_BUS_PID'
Problem solved! The remote shell (bash) now starts dbus manually instead of letting virt-manager do it, waits for virt-manager to exit (--no-fork), then kills dbus and exits.
On a single user desktop, you might want to run cygwin sshd autostarted as a specific user, without privilege separation. Here's a short reference:
- Disable UAC
- Open a Cygwin terminal
- Select "no" on privilege separation
- Enter nothing, , as the value of CYGWIN for the daemon
- Select "yes" to use a different username than cyg_server
- Enter your username, twice
- Enter your password, twice
- Edit (with your favorite editor) /etc/sshd_config
- Edit the UsePrivilegeSeparation line to say "UsePrivilegeSeparation no" (why the hell didn't step 4 do this?)
- Go to the windows firewall settings (just type "firewall" into the start menu search - look under "settings")
- Go to "advanced settings"
- Go to "Inbound rules"
- Add a new rule
- Select "Port"
- Select "TCP" and enter "22" as the specific local port
- Select "Allow the connection"
- Select when to apply the rule (default all cases)
- Give it a name, like "SSH"
If you later change your password, you will have to start "services.msc", find the Cygwin ssh service and change your credentials on it as well.
After IE6, usernames and passwords in URL's are no longer enabled by default in Internet Explorer, the reasoning being that saving usernames and passwords in the browser history and referral headers is a very, very bad idea. Still, it's sometimes needed, especially when dealing with old IP cameras, which is when I last bumped into this issue.
If you're not sure what I'm on about, I'm referring to links like these: http://user:email@example.com/
To re-enable this feature:
- Open RegEdit (Start->Run->"regedit")
- Navigate to [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE].
- Create two new REG_DWORD values, set to 0, named "iexplore.exe" and "explorer.exe"