Ah - a nice new feature in Blogger - the chance to add RSS feeds so you can see them from within the blog.
Nice. I can put my feeds there, and have two options where I can view them
BUT.....
I still use Google Reader. And ALL these new feeds appear there too. Duplicated. So how to get rid of them? Well, Blogger's help suggests a little trash icon appears which you can click on. It doesn't though. So I had to go and "stop following" each one in Blogger.
That's half an hour or so I won't be getting back.....
Sunday 28 March 2010
Saturday 27 March 2010
Mac: Chicken of the VNC full screen exit
Type in the key combination: [ctrl] + [alt/option] + [Apple] + [shift] + [`]
the twist is that sometimes taking out the [shift] works too so if one doesn’t work try the other.
the twist is that sometimes taking out the [shift] works too so if one doesn’t work try the other.
Mac: iPod nano (5th generation): How to copy your recorded videos to a Mac
To copy (or import) your recorded videos from your iPod nano to iPhoto or iMovie, you first need to make sure the "Enable disk use" checkbox is selected for your iPod within iTunes.
To watch the video in iPhoto, double-click the recorded video.
![[Event Library]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u4edMLgUQxLDGMHn5BOXg9LU8hJO35GDIwESW24acEZTnWUe0o7LRdEIwVcY3mBhP-bZy3ZTfYV_wM0f-mdkxkSzRu0r9lcoEHoSNQKJsUymP73Fidw76KeDK_Kf5vNZ3SZqcFT8CvrxaIz4X1g0pX5kd5vR4gP-fd7-5JT3J4Q4pa0A5rP6C8qU8=s0-d)
However, if you would like to import your recorded videos directly into iMovie '09 from your iPod nano (5th generation), follow these steps:
![[Import Window Button]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tO9L_fQApDbFaqIATp2GHnbBB3tE7aLPIET3HD9X6SR3ypuGseBP4Bk6EA96xNjrVhtDfq67fmlJcaYqXtLg40_H2tk0GpeEnRQLZUwv8-vB-suG61Is6WdlbTCBO-jkENKcSvSpq-Uopv_JUaEDrdVOeXn7CRqLMNQwDEvwmbf_XcNgn00o1TuTVQzPFQc7ZdGtvsdif0qQs=s0-d)
.
If you would like to import your recorded videos directly into iMovie '08 from your iPod nano (5th generation), follow these steps:
- Enable disk use and select the Apply button.
- Connect your iPod to your computer.
- Open iTunes (version 9 or later).
- Select your iPod in the Source pane.
- Select the Summary tab.
![[Enable Disk Use]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t7w37P0wKiF-41QigwGg4YsLYlaw1j06KnQVv0yz-Er3oIx4O_5h280qn2LcN2wNB8IESUNM-ffvzHRWtiMs1RDcWm8wlNQ0lGPJdCbChN30kfz35T_Fw2UvAh8ikdLgzbLvsO9A6AIZu5DpT9gldH-ruSr0bpk2491wSVd3MCxE7LcP8tbPQ=s0-d)
To import your recorded videos from iPod nano (5th generation) to iPhoto
- Open the iPhoto application if it doesn’t open automatically.
- Click iPod in the iPhoto device list.
- Select the video or videos to import. Click Import Selected or Import All.
- After the video or videos have been imported into iPhoto, choose either Delete Photos or Keep Photos when prompted to "Delete Photos on Your Camera."
![[Click iPod]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uR3djoRoDhXaHkqgFDZz3rJ1egE-2HRCJL_KEwbs_QKiboz0XJGefghZoRQLlPUuJ3YnxhFxOWySMxNJQZ_L11J_2J00kZI2Ni_luApb9PedtJZDPDa9c0Vz4O3fYaedTiAdLD5k4d-WSD5yTvC292f6NhaOXn2yy-FZMSOACaiCtwK2I-Dp2l=s0-d)
To watch the video in iPhoto, double-click the recorded video.
To import your recorded videos from your iPod nano (5th generation) to iMovie
Once you've imported recorded videos to iPhoto from your iPod nano (5th generation), you should be able to see your footage in iMovie, under iPhoto Videos in your Event Library.However, if you would like to import your recorded videos directly into iMovie '09 from your iPod nano (5th generation), follow these steps:
- Make sure you have iMovie '09, version 8.0.5 or later, installed.
- Launch iMovie. The Import window* should open, displaying all the clips from your iPod nano (5th generation).
- Import all or select clips from your iPod nano.
.If you would like to import your recorded videos directly into iMovie '08 from your iPod nano (5th generation), follow these steps:
- Launch iMovie '08.
- From the File menu, select Import > Movies:
- Select your iPod nano from the Device list on the left side of the import window.
- Your recorded video content will be in your DCIM folder. Select the desired clip and click the Import button to import into iMovie.
![[Import > Movies]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vcW0yNrlSFmGtNgtX6DaSsHIiTfK33_gfzv4_tkuUMXGraQosPeH0ONm1ttbQ6XvNDsHCMGTcU92SrghYvfLcHkSspILYSocFH4Aq5D7_zM4ZTxl6ndZ9WuTzo7sEtdmybBMxh5hjKjzK3LggaZrtl4SLw28s1n-Dm_lzFthZVI17Ats2SnTiD6_0=s0-d)
Mac: WMA to MP3
All2MP3 converts the WMA to WAV to MP3. Once the conversion is done you can play your new MP3’s in iTunes in Mac OS X as usual. It’s worth mentioning that it’s not just WMA’s that can be converted to MP3, All2MP3 converts these filetypes as well: APE, MPC, FLAC, WV, OGG, WMA, AIFF, WAV 
If you want to convert WMA files to MP3 in Mac OS X, try All2MP3 first. It’s drag and drop simple and no nonsense, you can download it FREE directly here:
http://www.tresrrr.com/All2MP3/ENGLISH.html
If you want to convert WMA files to MP3 in Mac OS X, try All2MP3 first. It’s drag and drop simple and no nonsense, you can download it FREE directly here:http://www.tresrrr.com/All2MP3/ENGLISH.html
Mac: Keyboard shortcuts
GUIDE TO KEYBOARD SYMBOLS
TOP 6 HANDIEST OS X KEYBOARD SHORTCUTS
| KEY | WHAT IT DOES |
| ⌘ | Command (sometimes referred to as the “Apple key”) |
| ⌥ | Option |
| ⇧ | Shift |
| ⌃ | Control |
| ⎋ | Escape |
TOP 6 HANDIEST OS X KEYBOARD SHORTCUTS
KEY COMBO | WHAT IT DOES |
Command-H | Hides current app window (doesn’t work in all apps, particularly Adobe apps, which often use a different key combo for Hide, but it works in all Apple software and many other popular apps). |
Command-Shift-3 | Snaps a screenshot of the entire screen. |
Command-Shift-4 | Brings up crosshairs so you can draw a box around just the part of the screen you want to capture. (If you press Tab or Space after Command-Shift-4, then click on the window, you’ll get a clean shot of just that window, and nothing else.) |
Command-Tab | Lets you tab through open applications to choose another app to switch to. |
Command-Spacebar | Opens the Spotlight field without having to click its icon in the menubar. |
Command-Option-Escape | Lets you force-quit a misbehaving or stalled app. |
Mac: Time Machine Backup intervals
Time Machine is set to automatically back up every hour, but if you would like to change it to every half hour, you can use the following Terminal (/Applications/Utilities) command:
You will need to authenticate as an administrator, since this command is run under a "sudo." The time interval is measured in seconds, so you can enter any time you wish there; just make sure it is in seconds. By default, Time Machine backs up every 3600 seconds (every hour). If you wish to revert to the original, just replace "1800" with "3600."
sudo defaults write /System/Library/LaunchDaemons/com.apple.backupd-auto StartInterval -int 1800 You will need to authenticate as an administrator, since this command is run under a "sudo." The time interval is measured in seconds, so you can enter any time you wish there; just make sure it is in seconds. By default, Time Machine backs up every 3600 seconds (every hour). If you wish to revert to the original, just replace "1800" with "3600."
Mac: iTunes not wanting to download podcasts
Go away for a period of time, and if a podcast is very regular, iTunes will stop downloading altogether after 5 days. Frustrating.
Solution is to install the Update Expired Podcasts script from Doug's Apple Scripts for iTunes, and then run this on a schedule using iCal.
First, create a new event. Simply double-click the proper time on the proper day and an hour-long event appears. Double-click the event, and the edit window appears. From here you can name your event, identify the location and duration (all day vs. timed), set repeat options and the target calendar if you maintain more than one (I don't).
Now for the fun part. Below the calendar option you'll see "Alarm." Clicking it reveals several options:
Solution is to install the Update Expired Podcasts script from Doug's Apple Scripts for iTunes, and then run this on a schedule using iCal.
First, create a new event. Simply double-click the proper time on the proper day and an hour-long event appears. Double-click the event, and the edit window appears. From here you can name your event, identify the location and duration (all day vs. timed), set repeat options and the target calendar if you maintain more than one (I don't).
Now for the fun part. Below the calendar option you'll see "Alarm." Clicking it reveals several options:
- None (kind of self-explanatory)
- Message (presents a dialog box on your Mac and iPhone/iPod touch if synced via MobileMe)
- Message with sound (same as above with plus a system sound)
- Email (send an email message to a given address)
- Open file (Open a file on your Mac)
- Run Script
Mac: quicklookd and QTKitServer
I had a problem where the fan was going almost constantly, and huge amounts of CPU were being taken up.It seemed to be due to broken or corrupted .AVI files . This command fixed the former:
launchctl unload /System/Library/LaunchAgents/com.apple.quicklook.plist
and this highlights where the issues are:
top -u -s3
Mac: Remove files from Time Machine Backup
From http://www.macosxtips.co.uk/index_files/delete-large-files-from-time-machine-backup.html#unique-entry-id-236
Just enter Time Machine, locate the file you want to delete, right-click on it and choose "Delete All Backups..." But which files do you delete?
Mac: Sync to Dropbox
From http://www.macosxhints.com/article.php?story=20090929052128498
This method means no need to have the file copied - it uses symbolic links.
To do this, you need to use the Terminal. Since Dropbox allows you to choose where your Dropbox folder resides, there's no "one size fits all" solution, but here's the general syntax (replace username, foldername, and path/to/dropbox with your own values):
This method means no need to have the file copied - it uses symbolic links.
To do this, you need to use the Terminal. Since Dropbox allows you to choose where your Dropbox folder resides, there's no "one size fits all" solution, but here's the general syntax (replace username, foldername, and path/to/dropbox with your own values):
ln -s /Users/username/Documents/foldername /Users/path/to/dropbox/Files/Thursday 25 March 2010
Mac: Join PDFs in Finder
Open two PDFs in Preview, then choose View | Show Sidebar. When Sidebar pops up, just drag the pages of one PDF to the Sidebar of the other and hit Save. The two are now merged into one PDF doc.
BUT... the new pages need to be dragged on TOP of the existing page for this to work!
BUT... the new pages need to be dragged on TOP of the existing page for this to work!
Mac: Path to folder in Finder
Terminal -
defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES; killall Finder
Change YES to NO to disable
defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES; killall Finder
Change YES to NO to disable
Mac: Screenshots
There are three basic kinds of screenshots: screen, selection, and window.
To take a screen screenshot, use the key combination: Cmd-Shift-3. To take a selection screenshot, use the key combination: Cmd-Shift-4. To take a window screenshot, first hit Cmd-Shift-4, then, tap on the spacebar. (Cmd-Shit-4+Space)
You can save any of the three kinds of screenshots to the clipboard (instead of the Desktop) by adding the Ctrl key to each one. So, instead of Cmd-Shift-3 to take a screen screenshot and saving it to your desktop, Cmd-Ctrl-Shift-3 will save the screenshot to your clipboard.
To take a screen screenshot, use the key combination: Cmd-Shift-3. To take a selection screenshot, use the key combination: Cmd-Shift-4. To take a window screenshot, first hit Cmd-Shift-4, then, tap on the spacebar. (Cmd-Shit-4+Space)
You can save any of the three kinds of screenshots to the clipboard (instead of the Desktop) by adding the Ctrl key to each one. So, instead of Cmd-Shift-3 to take a screen screenshot and saving it to your desktop, Cmd-Ctrl-Shift-3 will save the screenshot to your clipboard.
Mac: Spotlight issues
mdworker and mds using large amounts of CPU can in part be caused by constant indexing of certain folders, so add these Folders (such as Downloads) to the Privacy tab in Spotlight System Preferences panel.
Mac: Make hidden Dock icons transparent
Open Terminal.app (Applications > Utilities) and type the following command exactly:
defaults write com.apple.Dock showhidden -bool YES
Once you type the command and press enter, you need to restart the Dock by typing "killall Dock" and pressing enter. Once the Dock restarts and you hide applications, you will notice that hidden applications have a transparent look. If you want to reverse the command, just replace the "YES" with a "NO" and restart the Dock again.
defaults write com.apple.Dock showhidden -bool YES
Once you type the command and press enter, you need to restart the Dock by typing "killall Dock" and pressing enter. Once the Dock restarts and you hide applications, you will notice that hidden applications have a transparent look. If you want to reverse the command, just replace the "YES" with a "NO" and restart the Dock again.
Mac: .flac to MP3
From http://www.simplehelp.net/2006/07/15/how-to-convert-flac-files-to-mp3-using-os-x/
There are two steps in converting your .flac files to .mp3. The first is to decode the .flac’s into .wav files. After that’s done, you’ll encode the .wav files into .mp3’s.
Decoding .flac files with xACT
There are two steps in converting your .flac files to .mp3. The first is to decode the .flac’s into .wav files. After that’s done, you’ll encode the .wav files into .mp3’s.
Decoding .flac files with xACT
- Launch xACT and select the decode tab
- Click the add button
- Navigate to the .flac files you want to decode, select them all, and then click Add files
- Now you’ll need to select the output – I use and suggest .wav. Click Decode when you’re ready
- You’ll be prompted to choose a location to save the output files. Select the same folder where the .flac files are located and then click Choose
- Go put on a pot of coffee. The decoding process only takes a few minutes.
- When it’s completed you’ll be back at the decode screen but there won’t be any files in the decode list. Feel free to close xACT now.
- Open up iTunes and select iTunes from the top menu, and then Preferences… from the drop-down list
- Select the Advanced tab from the top menu, and then Importing from the lower menu
- From the Import Using: list, select MP3 Encoder
- From the Setting: list, select your quality preference. I happen to have a lot of space on my portable MP3 player, so I opt for Higher Quality (192 kbps)
- It also annoys me to have songs playing while they’re importing, so I disable that feature by removing the check from the box labeled Play songs while importing. This is entirely optional. Click OK to return to iTunes.
- Now select File from the top menu, and then Add to Library… from the drop-down list
- Navigate to the folder where you saved all of the .wav files from xACT, select that folder, and then click Choose
- iTunes will now import all of the .wav’s into iTunes. Find all of the newly added files (usually at the bottom of your iTunes list, but it depends on how you sort your music) and select them all. Once they’re all highlighted, right-click (ctrl-click for you one-button folks) on any of the selected songs and choose Convert Selection to MP3 from the pop-up menu.
- Remember that pot of coffee you put on while the .flac files were decoding? Now’s the time to get a cup. While iTunes is encoding your MP3s, a status indicator will appear in the left window (see image below). Depending on how “fast” your mac is (processor speed, memory etc) and how many files you’re encoding, this step can take anywhere from a few minutes to an hour.
- Once all of the files have been encoded, iTunes will probably beep to get your attention. Before you start listening to your music, now’s a good time to get rid of the .wav files, since they’re no longer needed. You should notice that ever other track in iTunes is highlighted. These are the .wav files – get them out of iTunes by clicking the delete key on your keyboard. If iTunes asks if you want to delete the files as well as remove them from iTunes, feel free to do so (you should still have the source .flac files if you ever need an uncompressed version again)
- That’s it! You’re done. You can now tag the files in iTunes, transfer them to your iPod etc. If you need to get at the MP3s, they will likely be located in Mac Hard Drive:Users:you:Music:iTunes:iTunes Music:
Copy Xterm contents
Redirect the output of a command to a text file, as opposed to your screen.
Code:
dmesg > /home/user/text.file
And then, to add to an existing text file without overwriting, do:
Code:
dmesg >> /home/user/text.file
Code:
dmesg > /home/user/text.file
And then, to add to an existing text file without overwriting, do:
Code:
dmesg >> /home/user/text.file
Move "My Documents"
Keeping the My Documents folder on a partition separate from the operating-system files can save you pain if you have to reformat the boot partition. You may also want to store it on a network share that gets backed up regularly. Right-click on My Documents on the desktop or in the Start menu and choose Properties. Click on Find Target to select the new location, and click on OK. In the Move Documents box, click on Yes to move the documents.
Office Clipboard Task Pane
When you press Ctrl-C twice, the Office Clipboard takes that as a signal to display what it's holding. It occupies the task pane on the right-hand side of the window in most Office applications, diminishing the space available for editing. If you don't want to see the Clipboard at all, simply click its Options button, uncheck all the options, and click the X icon at the task pane's top right corner. If you want the Clipboard to accumulate clips without getting in your face, leave the Collect Without Showing... option checked. You can always bring the display back by selecting Office Clipboard from the Edit menu. Any settings you select for the Office Clipboard will determine its behavior in all the programs that support it.
Remove Names from Outlook History List
Create a new mail message Start typing the name of the person you want to remove from the list. The list will popup.
If you know which one of these is incorrect, use your arrow keys (NOT your mouse) to arrow down to the one you want to remove.
Press the Delete key NOT the Back Space key.
This will remove that name from the History List.
If you know which one of these is incorrect, use your arrow keys (NOT your mouse) to arrow down to the one you want to remove.
Press the Delete key NOT the Back Space key.
This will remove that name from the History List.
Save Outlook attachments
To add a shortcut to a local or network folder, bring up Windows Explorer and drag & drop the desired folder onto any bar of the Shortcut Bar. Alternatively, the File -> New -> Outlook Bar Shortcut dialog can be used to add the folder to the Outlook Bar. Once the folder is on the Outlook Bar, any attachment can be easily dragged & dropped into the folder. The new shortcut provides the additional convenience of quick navigation to that folder from within the Outlook environment.
Also...
In the Registry, go to HKEY_CURRENT_USER\Software\Microsoft\Office\version \Outlook\Security (the version section will vary with the version of Office installed). Add or edit the value OutlookSecureTempFolder, entering the preferred location for the attachments, such as C:\Attachments.
Launch REGEDIT from the Start menu's Run dialog. Navigate to the specified key; the version is 9.0 for Outlook 2000, 10.0 for Outlook 2002 or XP, and 11.0 for Outlook 2003. If the OutlookSecureTempFolder value is not present in the right-hand pane, right-click in that pane and choose New | String value, then name the new value OutlookSecureTempFolder. Double-click on the value and enter the desired path; be sure to end it with a trailing backslash. Finally, restart Outlook. From now on, Outlook will use this path to store temporary copies of attachments you open.
Also...
In the Registry, go to HKEY_CURRENT_USER\Software\Microsoft\Office\version \Outlook\Security (the version section will vary with the version of Office installed). Add or edit the value OutlookSecureTempFolder, entering the preferred location for the attachments, such as C:\Attachments.
Launch REGEDIT from the Start menu's Run dialog. Navigate to the specified key; the version is 9.0 for Outlook 2000, 10.0 for Outlook 2002 or XP, and 11.0 for Outlook 2003. If the OutlookSecureTempFolder value is not present in the right-hand pane, right-click in that pane and choose New | String value, then name the new value OutlookSecureTempFolder. Double-click on the value and enter the desired path; be sure to end it with a trailing backslash. Finally, restart Outlook. From now on, Outlook will use this path to store temporary copies of attachments you open.
Remove IE Links Folder
Launch REGEDIT from the Start menu's Run dialog. Navigate to the key
HKEY_ CURRENT_USER\Software\Microsoft\ Internet Explorer\Toolbar. In REGEDIT's right-hand pane, find a String value named LinksFolderName and rename it to NOT_LinksFolderName (so you can easily reverse this change if you wish). Now right-click on the right-hand pane, choose New | String value, and name the new value LinksFolderName, leaving its data blank. When you delete the Links folder one final time, IE will not re-create it.
HKEY_ CURRENT_USER\Software\Microsoft\ Internet Explorer\Toolbar. In REGEDIT's right-hand pane, find a String value named LinksFolderName and rename it to NOT_LinksFolderName (so you can easily reverse this change if you wish). Now right-click on the right-hand pane, choose New | String value, and name the new value LinksFolderName, leaving its data blank. When you delete the Links folder one final time, IE will not re-create it.
Validation for drop downs
Create separate lists. Highlight each list in turn and choose Insert | Name | Define from the menu, using the category name as the name for this range.
Let's suppose the user will choose a category in cell E2 and a product in cell F2. Click in E2 and select Validation from the Data menu. Select List from the drop-down titled Allow and enter =Categories in the Source box, then click OK. This establishes a simple list-based validation rule the user can enter only values found in the Categories range, and those values appear in a drop-down list.
Now click in cell F2, select Data | Validation, and choose List from the Allow drop-down, as before. This time in the Source box enter =INDIRECT(E2). This selects the range named by the contents of cell E2. If E2 contains "Cabinets," the list of cabinets will be presented in F2, and so on. When the user selects a different category in E2, the list in F2 changes. It is still possible to get a mismatch if the user chooses a product and then changes the category.
Let's suppose the user will choose a category in cell E2 and a product in cell F2. Click in E2 and select Validation from the Data menu. Select List from the drop-down titled Allow and enter =Categories in the Source box, then click OK. This establishes a simple list-based validation rule the user can enter only values found in the Categories range, and those values appear in a drop-down list.
Now click in cell F2, select Data | Validation, and choose List from the Allow drop-down, as before. This time in the Source box enter =INDIRECT(E2). This selects the range named by the contents of cell E2. If E2 contains "Cabinets," the list of cabinets will be presented in F2, and so on. When the user selects a different category in E2, the list in F2 changes. It is still possible to get a mismatch if the user chooses a product and then changes the category.
Force unique numbers
Start by clicking in cell A1 and selecting Data | Validation from the menu. Click the drop-down list that is titled Allow and select Custom from the list. A box titled Formula will appear; enter this formula: =COUNTIF(A:A,A1)=1. Now click the Error Alert tab and enter an appropriate title and error message. For example, you could set the title to "Unique Values Only" and the message to "You must enter a value that is not already present in this column." Then click OK to accept the validation rule.
Now click the heading for column A to select the entire column. Again select Data | Validation from the menu. Excel will ask if you want to extend data validation to the additional cells. Click Yes, click OK, and you're done. If you accidentally attempt to enter a nonunique value in column A, Excel will block it and display the error message you defined.
Now click the heading for column A to select the entire column. Again select Data | Validation from the menu. Excel will ask if you want to extend data validation to the additional cells. Click Yes, click OK, and you're done. If you accidentally attempt to enter a nonunique value in column A, Excel will block it and display the error message you defined.
Insert alternate blank rows
To start, insert a new column to the left of the existing column A. Enter 1 in cell A1 and highlight column A all the way to the last row that contains data. From the Edit menu select Fill | Series and click on OK. Column A should now contain numbers from 1 to the total number of rows. Press Ctrl-C to copy these cells to the clipboard, click in the cell just below the last of them, and press Ctrl-V to paste. Now highlight the entire data area, including the new rows with just a number in column A. Select Sort from the Data menu and choose the No header row option in the resulting dialog box. Under Sort by select Column A, under Then by select column B, and click on OK. Finally, delete column A. You now have a blank row after every one of the original 1,000-odd rows.
Because blank lines can often cause problems with charts or calculations, you may want a quick way to remove them. You can use a similar technique.
Again, insert a new column to the left of column A and fill a series from 1 to the end of the data. Highlight the entire data area and sort by column B (the first column of real data). This will group all of the blank rows together. Next, highlight the data area again, and re-sort by column A. The blank lines are gone, and your data is restored to its original order. Finally, remove column A.
Because blank lines can often cause problems with charts or calculations, you may want a quick way to remove them. You can use a similar technique.
Again, insert a new column to the left of column A and fill a series from 1 to the end of the data. Highlight the entire data area and sort by column B (the first column of real data). This will group all of the blank rows together. Next, highlight the data area again, and re-sort by column A. The blank lines are gone, and your data is restored to its original order. Finally, remove column A.
Default chart colour
First, create a chart and configure it to exactly the way you want it to look. Colors, label alignment, number formats—set all of these just the way you like them. Select Chart | Chart Type from the Insert menu and click the Custom Types tab. Click the User-defined option at lower left, and click the Add button that appears. Enter a name and description for your chart type and click OK. If you wish, click the Set as default chart button. You can create as many custom chart types as you like—you may want to design your own versions of the line chart, bar chart, and pie chart, at least.
Multiple paragraphs into Excel
When you paste text from another application—say, Word or Outlook, or your Web browser—into Excel, the spreadsheet breaks multiple paragraphs into multiple cells, even if that means overwriting existing data in the cells beneath the target. To force Excel to place all the copied text into one cell, just press F2 before pasting (or double-click in the cell), and all the text will remain together.
Excel - finding particular day
We'll concentrate on finding the date of the first Thursday; you can add 7, 14, or 21 to the results to get the second, third, or fourth Thursday. Let's suppose the month (a number from 1 to 12) is stored in cell A2 and the year is in B2. This formula will yield the date of the first Thursday: =DATE(B2,A2,1)+MOD (12-WEEKDAY(DATE(B2,A2,1)),7). We'll break it down to show why it works.
The formula DATE(B2,A2,1), which appears twice in the formula below, returns the date of the first day of the specified month. Passing that result to the WEEKDAY function returns a number from 1 (Sunday) to 7 (Saturday) representing the day of the week for that date. Knowing the day of the week for the first of the month, you can calculate the date of the first Thursday. The day-number for Thursday is 5, but you can't just subtract the day-number for the first of the month from 5. (That would yield a negative number if the first fell on a Friday or Saturday). Instead, subtract from Thursday plus a week (12) and pass the result to the MOD function. The MOD function returns the remainder resulting from dividing its first argument by its second, so the result will always be from 0 to 6. Adding this number of days to the first day of the month yields the date for the first Thursday. Of course, you can easily modify this function to find the first Monday or another day of the week.
The formula DATE(B2,A2,1), which appears twice in the formula below, returns the date of the first day of the specified month. Passing that result to the WEEKDAY function returns a number from 1 (Sunday) to 7 (Saturday) representing the day of the week for that date. Knowing the day of the week for the first of the month, you can calculate the date of the first Thursday. The day-number for Thursday is 5, but you can't just subtract the day-number for the first of the month from 5. (That would yield a negative number if the first fell on a Friday or Saturday). Instead, subtract from Thursday plus a week (12) and pass the result to the MOD function. The MOD function returns the remainder resulting from dividing its first argument by its second, so the result will always be from 0 to 6. Adding this number of days to the first day of the month yields the date for the first Thursday. Of course, you can easily modify this function to find the first Monday or another day of the week.
Find and delete empty folders in Windows
Open a command prompt window and navigate to the root folder of the drive in question. Enter this command:
DIR /AD/B/S | SORT /R > EMPTIES.BAT
The file EMPTIES.BAT now contains a list of all folders on your hard drive in reverse order. Use Word or another editor to put the filenames in quotes and add the prefix RD (with a space after RD) to every line in the file. In Word, you can do this easily by using Find and Replace to search for ^p (which represents the paragraph mark) and replace it with "^pRD " (quote, p, R, D, space quote), then hand-correct the first and last lines of the file if necessary. Save the modified EMPTIES .BAT file and exit your editor. Then simply launch the batch file. It will attempt the RD (remove directory) command on each folder, but the command will fail for any folder that is not empty.
How does it work? For the DIR command, the switch /AD means select files whose attributes include the Directory attribute (in other words, folders). The /B switch means give a "bare" listingójust the filenameóand /S means look in subfolders, too (which, incidentally, modifies /B, so it shows the full pathname). The output is piped (|) as input to the SORT command. Not surprisingly, the switch /R means sort in reverse. Finally, the output of SORT is redirected (>) into the file EMPTIES.BAT. Because we're sorting in reverse, every folder's subfolders precede it in the list. If they are empty, then by the time the parent folder is processed, it too will be empty. You'd be surprised at what you can do with simple commands!
DIR /AD/B/S | SORT /R > EMPTIES.BAT
The file EMPTIES.BAT now contains a list of all folders on your hard drive in reverse order. Use Word or another editor to put the filenames in quotes and add the prefix RD (with a space after RD) to every line in the file. In Word, you can do this easily by using Find and Replace to search for ^p (which represents the paragraph mark) and replace it with "^pRD " (quote, p, R, D, space quote), then hand-correct the first and last lines of the file if necessary. Save the modified EMPTIES .BAT file and exit your editor. Then simply launch the batch file. It will attempt the RD (remove directory) command on each folder, but the command will fail for any folder that is not empty.
How does it work? For the DIR command, the switch /AD means select files whose attributes include the Directory attribute (in other words, folders). The /B switch means give a "bare" listingójust the filenameóand /S means look in subfolders, too (which, incidentally, modifies /B, so it shows the full pathname). The output is piped (|) as input to the SORT command. Not surprisingly, the switch /R means sort in reverse. Finally, the output of SORT is redirected (>) into the file EMPTIES.BAT. Because we're sorting in reverse, every folder's subfolders precede it in the list. If they are empty, then by the time the parent folder is processed, it too will be empty. You'd be surprised at what you can do with simple commands!
Remove duplicates in Excel
From http://support.microsoft.com/kb/262277
If the first record of original data is duplicated, it appears twice in the new list. Just hide the first line.
If you perform the Advanced Filter command in-place, the sheet still contains all records. Duplicate records are hidden. To work around this behavior, point to Rows on the Format menu, and then click Unhide.
- Select the column titles above rows or records that you want to sort.
- On the Data menu, point to Filter, and then click Advanced Filter. If you are prompted as follows, click OK.No headers detected. Assume top row of selection is header row?
- Under Action, click Copy to another location.
- Click to select the Unique records only check box.
- In the List range box, type or select the range of records (such as A3:H10).
- In the Criteria range box, type or select the same range of records (that is, A3:H10)
- In the Copy to box, type the address of or select the first cell where you want the information to be placed. Make sure there is enough room so you don't overwrite pre-existing data.
Note You can only do this in the active sheet. - Click OK.
If the first record of original data is duplicated, it appears twice in the new list. Just hide the first line.
If you perform the Advanced Filter command in-place, the sheet still contains all records. Duplicate records are hidden. To work around this behavior, point to Rows on the Format menu, and then click Unhide.
Tuesday 23 March 2010
Bent CPU Pins
Use a mechanical pencil with the lead removed and place the hollow tip of the pencil on the pin, straighten each pin perfectly and reduce the risk of breaking them when you straighten them. This works extremely well when the bent pin is in one of the middle rows.
Avoid printing by mistake
Select Tools | Options from the menu and click the Security tab. Check the box that says Warn before printing... and click OK. If you were using Word 2007, you'd reach that check box in a
different way. Click the Office button at top left, click the Word Options button, click Trust Center in the list at left, click the Trust Center Settings button, and click Privacy Options.
Yet another option is to format each private document so that its text simply won't print. Highlight the entire document by pressing Ctrl-A, then right-click the text and choose Font. Check the Hidden box and click OK. Now select Tools | Options, click the View tab, and check the box to show Hidden text. (Word 2007 users will click the Office button, click Word Options, click Display in the list at left, and check the box to show Hidden text). You'll see the text, but if you accidentally print it, a blank sheet will come out.
different way. Click the Office button at top left, click the Word Options button, click Trust Center in the list at left, click the Trust Center Settings button, and click Privacy Options.
Yet another option is to format each private document so that its text simply won't print. Highlight the entire document by pressing Ctrl-A, then right-click the text and choose Font. Check the Hidden box and click OK. Now select Tools | Options, click the View tab, and check the box to show Hidden text. (Word 2007 users will click the Office button, click Word Options, click Display in the list at left, and check the box to show Hidden text). You'll see the text, but if you accidentally print it, a blank sheet will come out.
Slow File Deletion
Launch Programs and Features from Control Panel and click the Turn Windows features on or off link at left. Find Remote Differential Compression in the list, uncheck its check box, and click OK. This change may need a reboot to take effect.
Date in Word Document Changes Unexpectedly
Q: Whenever I open an old Microsoft Word document, it replaces the original date in the document with the current date. How can I prevent Word from automatically changing the date when I open a document?
A: When you choose Insert | Date and Time from the menu (or click Date and Time in the Text panel of Word 2007's Insert ribbon), you get a Date and Time dialog that lets you choose the desired format. There's a tricky little box at the bottom labeled Update automatically. If you check that box, Word inserts a date field rather than a static date. This field updates to the current date every time you open the document. When you click on such a date it gets a gray highlight—that's a clue you're looking at a field.
Going forward, be sure that box is not checked when you want to insert a static date. For your old documents, you'll have to delete the date field and replace it with the date that should be there. Not sure of the correct date? It's probably the date that the document was created or last saved. In Word 2003, choose Properties from the File menu to find the Created date.
Word 2007 users will have to jump through a few hoops to reach this same Document Properties window. Click the Office Orb at top left, choose Prepare, and choose Properties. Click the down arrow next to Document Properties in the panel that appears. Choose Advanced Properties. When you've noted the document creation date, close the properties panel by clicking the small x-icon at its top right-hand corner.
A: When you choose Insert | Date and Time from the menu (or click Date and Time in the Text panel of Word 2007's Insert ribbon), you get a Date and Time dialog that lets you choose the desired format. There's a tricky little box at the bottom labeled Update automatically. If you check that box, Word inserts a date field rather than a static date. This field updates to the current date every time you open the document. When you click on such a date it gets a gray highlight—that's a clue you're looking at a field.
Going forward, be sure that box is not checked when you want to insert a static date. For your old documents, you'll have to delete the date field and replace it with the date that should be there. Not sure of the correct date? It's probably the date that the document was created or last saved. In Word 2003, choose Properties from the File menu to find the Created date.
Word 2007 users will have to jump through a few hoops to reach this same Document Properties window. Click the Office Orb at top left, choose Prepare, and choose Properties. Click the down arrow next to Document Properties in the panel that appears. Choose Advanced Properties. When you've noted the document creation date, close the properties panel by clicking the small x-icon at its top right-hand corner.
Reset the Administrator Password
In XP, click Start, click Run (in Vista, just use the Search field), enter control userpasswords2 (don't forget the 2 at the end).
In the dialog that appears is a panel titled Password for Administrator. Click the Reset Password button in this panel and assign a new password that you'll remember but that a malefactor or a virus won't guess.
If that button is disabled, check the box at the top that says, Users must enter a user name and password to use this computer. That will enable the button. After changing the Administrator password, close the main User Accounts dialog by clicking Cancel rather than OK. That way, your change to the "Users must enter..." check box won't actually change anything.
In the dialog that appears is a panel titled Password for Administrator. Click the Reset Password button in this panel and assign a new password that you'll remember but that a malefactor or a virus won't guess.
If that button is disabled, check the box at the top that says, Users must enter a user name and password to use this computer. That will enable the button. After changing the Administrator password, close the main User Accounts dialog by clicking Cancel rather than OK. That way, your change to the "Users must enter..." check box won't actually change anything.
Indexing Service issues
Rebuild the index, like so:
1. Launch Indexing Options from Control Panel
2. Click the Advanced button
3. Click the Rebuild button
1. Launch Indexing Options from Control Panel
2. Click the Advanced button
3. Click the Rebuild button
Problems flushing DNS
1. Click Start 2. Click Run
3. Enter services.msc
4. Double-click DNS Client in the list
5. Set its start-up type to Automatic
6. Click the Start button
7. Click OK
8. Close the Services list
Now that it's running you'll find that the ipconfig /flushdns command works properly.
Delays in asking for UAC password
Navigate to the Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Right-click in the right-hand pane and choose New | DWORD Value from the context menu.
Name the value PromptOnSecureDesktop and make sure its data is set to 0. My experience has been that this change takes effect immediately.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Right-click in the right-hand pane and choose New | DWORD Value from the context menu.
Name the value PromptOnSecureDesktop and make sure its data is set to 0. My experience has been that this change takes effect immediately.
Branding in IE bar
"Windows Internet Explorer - provided by xxx" situations....
In all current versions of Internet Explorer (including 8), you control that text through an entry in the Registry. Click Start, click Run, enter regedit. Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main. In the right-hand pane find a value named Window Title. Double-click it to change its data. Either delete the text entirely or change it to something that pleases you. If you don't see the value, right-click in the right-hand pane and choose New | String Value. Name the value Window Title and then proceed as above.
In all current versions of Internet Explorer (including 8), you control that text through an entry in the Registry. Click Start, click Run, enter regedit. Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main. In the right-hand pane find a value named Window Title. Double-click it to change its data. Either delete the text entirely or change it to something that pleases you. If you don't see the value, right-click in the right-hand pane and choose New | String Value. Name the value Window Title and then proceed as above.
Monday 22 March 2010
Mac: Retrieve Keychain passwords
Open Keychain Access.app (located in /Applications/Utilities/). Once there, scroll through the list of keys until you find the one that you're looking for. Double click on it and check the box that says, "Show Password." Once you authenticate with your user credentials, your forgotten password will be displayed in the text box.
Mac: Leave Growl notifications on screen
There is an option in Growl preferences so that it leaves the notifications on screen when the computer is inactive for more than 30 seconds (you can change the length of time). It works well when you are away from your computer. You'll be able to read everything that happened on your Mac when you come back. The option is in System Preferences, under Growl (if you don't have Growl installed, you can check the previous tip or search Growl on MacUpdate or VersionTracker).
Mac: Google Map from Address Book contact
In a contact's Address Book card, right-clicking on an address and clicking on "Map Of" will launch your default browser and map out the address in Google Maps.
Mac: Change file format of screenshot
Open Terminal.app (/Applications/Utilities) and type the following command:
defaults write com.apple.screencapture type jpg
You can replace "jpg" with your desired file format (example: tiff, pdf, png, etc.). If you wish to change it back to defaults, Mac OS X originally grabs screens in png format. To activate the changes, just logout of your account and then log back in.
defaults write com.apple.screencapture type jpg
You can replace "jpg" with your desired file format (example: tiff, pdf, png, etc.). If you wish to change it back to defaults, Mac OS X originally grabs screens in png format. To activate the changes, just logout of your account and then log back in.
Sunday 21 March 2010
Handy Mac Apps
Do Something When is a system preference pane that allows the user to watch for drives mounting and un-mounting, allowing them to launch or quit applications, whenthese events happen. You can launch iTunes when your music hard drive gets mounted, you can quit iTunes when you eject the drive. This is just an example of what can be done.
MPEG Streamclip is a powerful high-quality video converter, player, editor for MPEG, QuickTime, transport streams, iPod. And now it is a DivX editor and encoding machine, and even a stream and YouTube downloader.
You can use MPEG Streamclip to: open most movie formats including MPEG files or transport streams; play them at full screen; edit them with Cut, Copy, Paste, and Trim; set In/Out points and convert them into muxed or demuxed files, or export them to QuickTime, AVI, DV and MPEG-4 files with more than professional quality, so you can easily import them in Final Cut Pro, DVD Studio Pro, Toast 6, 7, 8, and use them with many other applications or devices.
Supported input formats: MPEG, VOB, PS, M2P, MOD, VRO, DAT, MOV, DV, AVI, MP4, TS, M2T, MMV, REC, VID, AUD, AVR, VDR, PVR, TP0, TOD, M2V, M1V, MPV, AIFF, M1A, MP2, MPA, AC3, ...
iSquint is an iPod video conversion app for Mac OS X. It's many times faster than QuickTime Pro, works with almost all popular video formats, and it's infinitely free-er. It's also really easy. Just drag in your file, and click Start. You can also choose "TV" or "iPod" size, set your quality, or even go all-out by playing in the Advanced drawer.
Use and create Delicious bookmarks from the Safari web browser
MacTheRipper is a DVD ripper (extractor). It removes CSS encryption, Macrovision protection, sets the disc's region to '0' for region-free, and is capable of removing RCE region checking. It can also copy ARccOS copy-protected DVDs. This is to backup your legally-purchased DVDs onto your hard drive.
ffmpegX is a Mac OS X graphic user interface designed to easily operate more than 20 powerful Unix open-source video and audio processing tools including ffmpeg the "hyper fast video and audio encoder" (http://ffmpeg.sf.net/), mpeg2enc the open-source mpeg-2 encoder and multiplexer (http://mjpeg.sf.net/MacOS/) and mencoder the mpeg-4 encoder with subtitles support (http://sf.net/projects/mplayerosx).
NeoOffice
The superb Delicious Library
iPlayerGrabber
Dropbox
SuperDuper
Seashore is an open source image editor for Mac OS X's Cocoa framework. It features gradients, textures and anti-aliasing for both text and brush strokes. It supports multiple layers and alpha channel editing. It is based around the GIMP's technology and uses the same native file format.
GimmeSomeTune
ShakesPeer is an Open Source Direct Connect client for Mac OS X. Direct Connect is a popular filesharing network.
FixTunes
Google Notifier in Growl
TweetDeck
MacMP3Gain is an AppleScript Studio application which brings an Aqua GUI to the command line version of mp3gain, a utility that performs statistical analysis to determine how loud the MP3 file actually sounds to the human ear and performs lossless volume adjustments. MacMP3Gain is free and open source. You may download either the application itself or the entire project including the source code.
VirtualBox
Perian is a free, open source QuickTime component that adds native support for many popular video formats.
iCyclone is an open source fan controller
Soundflower is a Mac OS X (10.2 and later) system extension that allows applications to pass audio to other applications. Soundflower is easy to use, it simply presents itself as an audio device, allowing any audio application to send and receive audio with no other support needed. Soundflower is free, open-source, and runs on Mac Intel and PPC computers.
The MacPorts Project is an open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on the Mac OS X operating system
Renamer for Mac - allows bulk renaming of files
Remote Desktop Client for Windows - to access Windows networks
Incredibly versatile .FLV viewer - SWF & FLV Player for Mac
Trash It! -This AppleScript-based application force-empties your Trash and/or removes stubborn items. Especially useful if you have files or folders in the Trash with permissions set incorrectly, locked Trash items, want to securely delete a stuck item, or trash items from other partitions. If you drop files or folders onto the Trash It! icon, it will delete them as well. If you double-click on it, it will clean out your Trash can. This is the software recommended by Apple Tech support when all else fails!
Trash It! should be used when:
1. You can't get rid of trash items manually.
2. You can't move items to the trash.
3. You have a large number of items to delete (i.e., previous system folders).
4. You just like using cool scripts. :)
This is not a Finder trash can replacement! It should be used as a last resort!
1. You can't get rid of trash items manually.
2. You can't move items to the trash.
3. You have a large number of items to delete (i.e., previous system folders).
4. You just like using cool scripts. :)
This is not a Finder trash can replacement! It should be used as a last resort!
- Expand 7z, bzip2, gz, rar, tar, and zip files.
- Shrink files into 7z, zip, gz, tar, and bzip2 formats.
- View the contents of an archive without opening it.
- Delete files from an archive without opening it.
- Create, verify, and repair par2 files.
- Process multiple files with ease.
MPEG Streamclip is a powerful high-quality video converter, player, editor for MPEG, QuickTime, transport streams, iPod. And now it is a DivX editor and encoding machine, and even a stream and YouTube downloader.
You can use MPEG Streamclip to: open most movie formats including MPEG files or transport streams; play them at full screen; edit them with Cut, Copy, Paste, and Trim; set In/Out points and convert them into muxed or demuxed files, or export them to QuickTime, AVI, DV and MPEG-4 files with more than professional quality, so you can easily import them in Final Cut Pro, DVD Studio Pro, Toast 6, 7, 8, and use them with many other applications or devices.
Supported input formats: MPEG, VOB, PS, M2P, MOD, VRO, DAT, MOV, DV, AVI, MP4, TS, M2T, MMV, REC, VID, AUD, AVR, VDR, PVR, TP0, TOD, M2V, M1V, MPV, AIFF, M1A, MP2, MPA, AC3, ...
iSquint is an iPod video conversion app for Mac OS X. It's many times faster than QuickTime Pro, works with almost all popular video formats, and it's infinitely free-er. It's also really easy. Just drag in your file, and click Start. You can also choose "TV" or "iPod" size, set your quality, or even go all-out by playing in the Advanced drawer.
Use and create Delicious bookmarks from the Safari web browser
MacTheRipper is a DVD ripper (extractor). It removes CSS encryption, Macrovision protection, sets the disc's region to '0' for region-free, and is capable of removing RCE region checking. It can also copy ARccOS copy-protected DVDs. This is to backup your legally-purchased DVDs onto your hard drive.
ffmpegX is a Mac OS X graphic user interface designed to easily operate more than 20 powerful Unix open-source video and audio processing tools including ffmpeg the "hyper fast video and audio encoder" (http://ffmpeg.sf.net/), mpeg2enc the open-source mpeg-2 encoder and multiplexer (http://mjpeg.sf.net/MacOS/) and mencoder the mpeg-4 encoder with subtitles support (http://sf.net/projects/mplayerosx).
NeoOffice
Cache Out X is a robust tool that cleans your computer's system, getting to, and deleting the multitude of cache files generated by Mac OS X and web browsers. By using Cache Out X, you can get your computer feeling like it did the first time you bought it. The application deletes system and user cache files and removes cookie and other Internet related navigation and download cache files.
Cache Out X sets itself apart with the ability to remove Persistent Cache files.
Cache Out X sets itself apart with the ability to remove Persistent Cache files.
The superb Delicious Library
iPlayerGrabber
Dropbox
SuperDuper
Seashore is an open source image editor for Mac OS X's Cocoa framework. It features gradients, textures and anti-aliasing for both text and brush strokes. It supports multiple layers and alpha channel editing. It is based around the GIMP's technology and uses the same native file format.
GimmeSomeTune
ShakesPeer is an Open Source Direct Connect client for Mac OS X. Direct Connect is a popular filesharing network.
FixTunes
Google Notifier in Growl
TweetDeck
MacMP3Gain is an AppleScript Studio application which brings an Aqua GUI to the command line version of mp3gain, a utility that performs statistical analysis to determine how loud the MP3 file actually sounds to the human ear and performs lossless volume adjustments. MacMP3Gain is free and open source. You may download either the application itself or the entire project including the source code.
VirtualBox
Perian is a free, open source QuickTime component that adds native support for many popular video formats.
iCyclone is an open source fan controller
Soundflower is a Mac OS X (10.2 and later) system extension that allows applications to pass audio to other applications. Soundflower is easy to use, it simply presents itself as an audio device, allowing any audio application to send and receive audio with no other support needed. Soundflower is free, open-source, and runs on Mac Intel and PPC computers.
The MacPorts Project is an open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on the Mac OS X operating system
Mac: Adding to PATH
echo $PATH - to show current path
PATH=$PATH\:/dir/path
In all cases, replace /dir/path with the directory you want the shell to search.
PATH=$PATH\:/dir/path
In all cases, replace /dir/path with the directory you want the shell to search.
Wednesday 17 March 2010
Mac: Handling Filenames with Spaces in Bash
Use quote marks!
e.g. - rsync /usr/bin/ssh -ave --stats --delete --progress --exclude /iTunes\ Music/Downloads/Podcasts/ ~/Music/iTunes/"iTunes Music"/ /Volumes/1tb/"iTunes Music"
e.g. - rsync /usr/bin/ssh -ave --stats --delete --progress --exclude /iTunes\ Music/Downloads/Podcasts/ ~/Music/iTunes/"iTunes Music"/ /Volumes/1tb/"iTunes Music"
Make a file or folder invisible in Mac OS X Finder
setfile -a V testfile.txt The file or folder is no longer visible via the Finder GUI. To make your files and folders visible again, use this command:
setfile -a v testfile.txt
Mac: Compare or merge two folders' contents
From here - http://www.macworld.com/article/49584/2006/03/cmpfldr.html
FileMerge in /Developer -> Applications -> Utilities
Launch it, then drag one folder into each drop zone in the Compare Files window.
Once you’ve added the folders, just click Compare. FileMerge opens a new window with a list of gray and black filenames. A gray filename indicates that the file is common to both folders. A black filename indicates that the file is unique to one folder. Select a file to see a status message at the bottom of the window. If this says “added to right,” that means the file is only in the folder you placed in the rightmost well. If the message says “added to left,” the opposite is true. To simplify this view, use the Exclude checkboxes. Select the Identical option, for example, if you don’t want to see files that exist in both folders.
If you’d like to look at any of the files, click the View button to display a drop-down menu of options. Choose Comparison (for text files only) to open the traditional FileMerge comparison window, or use the Left File and Right File options to see the actual text or images in the specified folder. The Ancestor and Merge views only apply to people using FileMerge to check code. Read more about these options in FileMerge’s Help file.
If all you wanted to do was to visually compare the two folders’ contents, you’re done. But you can also use FileMerge to actually merge the two folders together into one new one. To do this, select all the files in the leftmost column (click on one and then hit Command-A to select all). Then select Combine Files from the Merge pop-up menu (or press Command-1). FileMerge will ask you for a new directory name, and then proceed to merge the two directories into a new one. Any files that weren’t common to both folders will be added to the new folder, along with all of the identical files.
FileMerge in /Developer -> Applications -> Utilities
Launch it, then drag one folder into each drop zone in the Compare Files window.
Once you’ve added the folders, just click Compare. FileMerge opens a new window with a list of gray and black filenames. A gray filename indicates that the file is common to both folders. A black filename indicates that the file is unique to one folder. Select a file to see a status message at the bottom of the window. If this says “added to right,” that means the file is only in the folder you placed in the rightmost well. If the message says “added to left,” the opposite is true. To simplify this view, use the Exclude checkboxes. Select the Identical option, for example, if you don’t want to see files that exist in both folders.
If you’d like to look at any of the files, click the View button to display a drop-down menu of options. Choose Comparison (for text files only) to open the traditional FileMerge comparison window, or use the Left File and Right File options to see the actual text or images in the specified folder. The Ancestor and Merge views only apply to people using FileMerge to check code. Read more about these options in FileMerge’s Help file.
If all you wanted to do was to visually compare the two folders’ contents, you’re done. But you can also use FileMerge to actually merge the two folders together into one new one. To do this, select all the files in the leftmost column (click on one and then hit Command-A to select all). Then select Combine Files from the Merge pop-up menu (or press Command-1). FileMerge will ask you for a new directory name, and then proceed to merge the two directories into a new one. Any files that weren’t common to both folders will be added to the new folder, along with all of the identical files.
Mac: Change Permissions of Entire Folder Contents
Step 1: Go to the parent folder that holds your files.
Step 2: Hit Cmd-I to open the info window.
Step 3: Expand the "Sharing & Permissions" section.
Step 4: Click on the lock in the lower-right corner and enter in an administrator's password.
Step 5: Edit the permissions of the folder so they match what you need.
Step 6: Once the permissions are edited, click on the gear icon and select "Apply to enclosed items".
Step 2: Hit Cmd-I to open the info window.
Step 3: Expand the "Sharing & Permissions" section.
Step 4: Click on the lock in the lower-right corner and enter in an administrator's password.
Step 5: Edit the permissions of the folder so they match what you need.
Step 6: Once the permissions are edited, click on the gear icon and select "Apply to enclosed items".
Mac: Recovering lost space on iPod
- Disable photo sync in iTunes
- Remove contents of the Thumbs folder in the Finder
- Empty the trash.
- Re-enable photo syncing
Remove carriage returns at ends of lines
From http://word.mvps.org/FAQs/General/DeleteParaMarksAtEndOfLines.htm
If you have pasted a file into Word in which each “line” ends with a paragraph mark and each “paragraph” ends with two or more paragraph marks:
If you have pasted a file into Word in which each “line” ends with a paragraph mark and each “paragraph” ends with two or more paragraph marks:
Array Formulas
From http://www.ozgrid.com/Excel/arrays.htm
Array Formula Rules:
Before we show some examples of array formulas it is important to know 4 fundamental rules.
- Each argument within an array must have the same amount of rows and columns.
- You must enter an array by pushing Ctrl+Shift+Enter.
- You cannot add the {} (braces) that surround an array yourself, pushing Ctrl+Shift+Enter will do this for you.
- You cannot use an array formula on an entire column.
Pet Shop Example:
Suppose you have 5 Columns of data each with 200 rows.
Column A is used to keep track of the sex of each dog sold i.e. Male or Female
Column B is used to keep track of the breed of the dogs sold.
Column C is used to keep track of the age of the dogs sold.
Column D is used to keep track whether the dog is sterilized or not i.e. Yes or No
Column E is used to keep track of the cost of the dog sold.
Column A is used to keep track of the sex of each dog sold i.e. Male or Female
Column B is used to keep track of the breed of the dogs sold.
Column C is used to keep track of the age of the dogs sold.
Column D is used to keep track whether the dog is sterilized or not i.e. Yes or No
Column E is used to keep track of the cost of the dog sold.
- To count the number of male Poodles sold:
=SUM(($A$2:$A$200="Male")*($B$2:$B$200="Poodle")) - To count the number of male Poodles sold over 3 years old:
=SUM(($A$2:$A$200="Male")*($B$2:$B$200="Poodle")*($C$2:$C$200>2)) - To get the total cost of male Spaniels sold:
=SUM(IF($A$2:$A$200="Male",IF($B$2:$B$200="Spaniel",$E$2:$E$200,0),0)) - To find out the average age of male dogs sold:
=AVERAGE(IF($A$2:$A$200="Male",$C$2:$C$200)) - To find out the average cost of male dogs sold over 2 years old:
=AVERAGE(IF($A$2:$A$200="Male",IF($C$2:$C$200>2,$E$2:$E$200))) - To find out the Minimum age of dogs sold that are sterilized:
=MIN(IF($D$2:$D$200="Yes",$C$2:$C$200))
All the above formulas must be entered with Ctrl+Shift+Enter
TIP: If you are having problems writing an array formula to sum your totals then use the Conditional sum wizard, Tool>Wizard>Conditional sum. If you don't see it then you will need to add it via Tools>Add-ins>Conditional sum wizard.
Outline a list of data in a worksheet
From http://office.microsoft.com/en-us/excel/HA100244981033.aspx?pid=CL100570551033
If you have a list (list: A series of rows that contains related data or a series of rows that you designate to function as a datasheet by using the Create List command.) of data that you want to group and summarize, you can create an outline of up to eight levels, one for each group. Each inner level, represented by a higher number in the outline symbols (outline symbols: Symbols that you use to change the view of an outlined worksheet. You can show or hide detailed data by pressing the plus sign, minus sign, and the numbers 1, 2, 3, or 4, indicating the outline level.) displays detail data (detail data: For automatic subtotals and worksheet outlines, the subtotal rows or columns that are totaled by summary data. Detail data is typically adjacent to and either above or to the left of the summary data.) for the preceding outer level, represented by a lower number in the outline symbols. Use an outline to quickly display summary rows or columns, or to reveal the detail data for each group.
You can create an outline of rows, an outline of columns, or an outline of both rows and columns.
An outlined row of sales data grouped by geographical regions and months with several summary and detail rows displayed.
To display rows for a level, click the appropriate outline symbols.
Level 1 contains the total sales for all detail rows.
Level 2 contains total sales for each month in each region.
Level 3 contains detail rows (only detail rows 11 through 13 are currently visible).
To expand or collapse data in your outline, click the "plus" and "minus" outline symbols.
If you have a list (list: A series of rows that contains related data or a series of rows that you designate to function as a datasheet by using the Create List command.) of data that you want to group and summarize, you can create an outline of up to eight levels, one for each group. Each inner level, represented by a higher number in the outline symbols (outline symbols: Symbols that you use to change the view of an outlined worksheet. You can show or hide detailed data by pressing the plus sign, minus sign, and the numbers 1, 2, 3, or 4, indicating the outline level.) displays detail data (detail data: For automatic subtotals and worksheet outlines, the subtotal rows or columns that are totaled by summary data. Detail data is typically adjacent to and either above or to the left of the summary data.) for the preceding outer level, represented by a lower number in the outline symbols. Use an outline to quickly display summary rows or columns, or to reveal the detail data for each group.
You can create an outline of rows, an outline of columns, or an outline of both rows and columns.
An outlined row of sales data grouped by geographical regions and months with several summary and detail rows displayed.
To display rows for a level, click the appropriate outline symbols.
Level 1 contains the total sales for all detail rows.
Level 2 contains total sales for each month in each region.
Level 3 contains detail rows (only detail rows 11 through 13 are currently visible).
To expand or collapse data in your outline, click the "plus" and "minus" outline symbols.
Formulas based on cell formatting
From http://answers.google.com/answers/threadview/id/136528.html
1. In your Excel worksheet window, press Alt+F11.
2. In the new Microsoft Visual Basic window, click on the Insert menu,
Module.
3. In the right hand pane, in the window titled "Module1 (Code)",
paste in the following function:
Function SumBold(CellRange As Range)
Dim sumb
For Each cell In CellRange.Cells
If cell.Font.Bold = True Then
sumb = sumb + cell.Value
End If
Next
SumBold = sumb
End Function
4. Press Alt+Q to save.
Now in any cell in this workbook, you can enter the formula =SumBold()
to have it add up all bolded numbers within a range. You would use
=SumBold() in the exact way that you would use =SUM().
One caveat is that Excel does not appear to recognize bolding as an
event, so when you bold/unbold new items, the sum may not reflect the
new changes. You'll have to use Ctrl+Alt+F9 to have it recalculate
all formulas on the sheet.For italics it's virtually the same code. Simply change the
following line from:
If cell.Font.Bold = True Then
And change it to:
If cell.Font.Italic = True Then
You'll also have to change the name of the function. So for a Sum of
Italics, the code would look like:
Function SumItalics(CellRange As Range)
Dim sumi
For Each cell In CellRange.Cells
If cell.Font.Italic = True Then
sumi = sumi + cell.Value
End If
Next
SumItalics = sumi
End Function
VBA Copy comments to a Range
From http://vbadud.blogspot.com/2008/09/convert-excel-comments-to-text-using.html
If a worksheet is dotted with lot of comments and you want to respond to each one of these, it is better to extract the comments and place it in a column. This would help in responding to the comments. The following code will extract all comments and place it in column ‘F’ along with the value of the original cell
If a worksheet is dotted with lot of comments and you want to respond to each one of these, it is better to extract the comments and place it in a column. This would help in responding to the comments. The following code will extract all comments and place it in column ‘F’ along with the value of the original cell
Sub Convert_Comment_To_Text()
Dim oCom As Comment
Dim sVal As String
Dim i As Integer
For i = 1 To ActiveSheet.Comments.Count
sVal = ""
Set oCom = ActiveSheet.Comments(i)
sVal = ActiveSheet.Cells(oCom.Parent.Row, oCom.Parent.Column).Value
ActiveSheet.Range("F" & CStr(oCom.Parent.Row)).Value = "'" & sVal & " -- " & oCom.Text
Next
Deleting All Cell Comments in a Sheet
1. Press F5 to open the Go To dialog box, and click Special.
2. In the Go To Special dialog box, select Comments.
3. Click OK. All cells containing Comments are selected.
OR
Skip steps 1 through 3 and press Ctrl+Shift+O (the letter O, not the number zero) to select all Comments.
4. Press Shift+F10 or right-click, and select Delete Comment from the shortcut menu.
2. In the Go To Special dialog box, select Comments.
3. Click OK. All cells containing Comments are selected.
OR
Skip steps 1 through 3 and press Ctrl+Shift+O (the letter O, not the number zero) to select all Comments.
4. Press Shift+F10 or right-click, and select Delete Comment from the shortcut menu.
Sunday 14 March 2010
Mac Magsafe Adaptors (just in case...)
From http://support.apple.com/kb/TS1713
Although you are not required to bring in the computer used with the adapter please be sure to bring the serial number from the computer; it is required to process potential replacements. To locate the serial number for your computer please follow the steps in the article appropriate for your computer: MacBook, MacBook Pro, or MacBook Air.
If you plan to visit an Apple Retail store please make a reservation at the Genius Bar using http://www.apple.com/retail/geniusbar/ (available in some countries only).
Symptoms
Is your portable computer's MagSafe power adapter not working correctly? This article will tell you what you can do if you experience one or more of the following issues:- Your power adapter won't charge the computer.
- The LED on the adapter connector doesn't light up when attached to the computer.
- The adapter only charges the computer intermittently.
- The adapter's white insulation separates from the magnetic end of the MagSafe connector (also known as strain relief).
Additional Information
Whether your product is in or out-of-warranty, you can take your adapter to an Apple-Authorized Service Provider or Apple Retail Store for evaluation and replacement if necessary. You may be eligible for a replacement adapter free of charge provided there are no signs of accidental damage.Although you are not required to bring in the computer used with the adapter please be sure to bring the serial number from the computer; it is required to process potential replacements. To locate the serial number for your computer please follow the steps in the article appropriate for your computer: MacBook, MacBook Pro, or MacBook Air.
If you plan to visit an Apple Retail store please make a reservation at the Genius Bar using http://www.apple.com/retail/geniusbar/ (available in some countries only).
Ubuntu and Windows Apps
Son has two requirements from PC that are met by Windows on the dual boot, but not Ubuntu. So is there a way to get them working on Ubuntu?
The two are iTunes and MSN Messenger with webcam (his is a Logitech Webcam Messenger).
Let's tackle iTunes first. The need for this is driven by the recent acquisition of an iPod Touch and therefore music management comes in.
Installing iTunes under WINE has just proven to be a nightmare. Either wrong version of iTunes, wrong version of WINE, need to amend WINE code, etc.
Next option, therefore, is a virtual machine, and Sun's Virtual Box looks the solution.
A Synaptic install followed. Nice and easy.
Next stage is to install Win XP. Dig out that disk, yep that worked!
Hmm - could I get away with not installing SP2 and just install iTunes now? No! iTunes requires SP2.
Ah well. SP2 disk first of all decides to give the wonderful "Cyclic Redundancy Check" message - how much I love that one!
Whip the disk out, give a quick clean - replace in drive - and it works.
Good news - the Win VM sees the outside world! Bad news, that means we still can't do anything, as there are now umpteen updates to install.
Umpteen updates later, still a need to put in some AV software (Avast!) and some anti malware. Then update those.
Finally, install iTunes and Messenger.
Sorted!
No, not really. It can't see the webcam. It can't see the iPod. Why would that be?
Quite simply, because I had installed the wrong version of Virtual Box - the OSE one. I needed the PUEL version, that includes USB support.
Now, the question was, does such a changeover mean the Win install is lost and I have to start all over? Thankfully, no, it doesn't.
sudo apt-get remove virtualbox-3.1
sudo apt-get autoremove
sudo apt-get update
sudo apt-get upgrade
sudo aptitude install dkms
sudo /etc/init.d/vboxdrv setup
sudo apt-get install bum
VBox now installed, Win XP working. USB still not working properly. Also, mouse capture very distracting.
Next stage, therefore, to install Guest Additions.
This allows mouse movement between the VM and Ubuntu. And now I can see mention of USB devices, but they still don't want to work!
So I followed these steps:
What's more, the VM is "seeing" the Windows partition on the PC where the music files are held and these are copied into the iTunes Library, and the iTunes Library is "seeing" others in the house.
But what of the webcam? Well, a whole new odyssey commences there. One currently without solution - investigating options like emesene in Ubuntu or MSN in Win XP, with no joy at all so far...
The two are iTunes and MSN Messenger with webcam (his is a Logitech Webcam Messenger).
Let's tackle iTunes first. The need for this is driven by the recent acquisition of an iPod Touch and therefore music management comes in.
Installing iTunes under WINE has just proven to be a nightmare. Either wrong version of iTunes, wrong version of WINE, need to amend WINE code, etc.
Next option, therefore, is a virtual machine, and Sun's Virtual Box looks the solution.
A Synaptic install followed. Nice and easy.
Next stage is to install Win XP. Dig out that disk, yep that worked!
Hmm - could I get away with not installing SP2 and just install iTunes now? No! iTunes requires SP2.
Ah well. SP2 disk first of all decides to give the wonderful "Cyclic Redundancy Check" message - how much I love that one!
Whip the disk out, give a quick clean - replace in drive - and it works.
Good news - the Win VM sees the outside world! Bad news, that means we still can't do anything, as there are now umpteen updates to install.
Umpteen updates later, still a need to put in some AV software (Avast!) and some anti malware. Then update those.
Finally, install iTunes and Messenger.
Sorted!
No, not really. It can't see the webcam. It can't see the iPod. Why would that be?
Quite simply, because I had installed the wrong version of Virtual Box - the OSE one. I needed the PUEL version, that includes USB support.
Now, the question was, does such a changeover mean the Win install is lost and I have to start all over? Thankfully, no, it doesn't.
sudo apt-get remove virtualbox-3.1
sudo apt-get autoremove
sudo apt-get update
sudo apt-get upgrade
sudo aptitude install dkms
sudo /etc/init.d/vboxdrv setup
sudo apt-get install bum
VBox now installed, Win XP working. USB still not working properly. Also, mouse capture very distracting.
Next stage, therefore, to install Guest Additions.
This allows mouse movement between the VM and Ubuntu. And now I can see mention of USB devices, but they still don't want to work!
So I followed these steps:
For Karmic
From a terminal run the following command:
- Add yourself to the vboxusers group if not already there: -
if [ "`grep vboxusers /etc/group|grep $USER`" == "" ] ; then sudo usermod -G vboxusers -a $USER ; fi
This works for Karmic 9.10 Host and Windows XP Guest
From a terminal run the following command:
- This will check for your vbox user id which you'll need for the next steps. This will display a line that looks a bit like this: vboxusers:x:123:myself 123 is the user id of your machine you're looking for
grep vbox /etc/group
- This will edit your FSTAB File
sudo gedit /etc/fstab
- Add the following line to the bottom of the fstab file: Replace userid with the number displayed from step 1.
none /proc/bus/usb usbfs devgid=userid,devmode=664 0 0
- Example: none /proc/bus/usb usbfs devig=123,devmod=664 0 0
- Reboot Ubuntu 9.10
- Once logged into Ubuntu 9.10 start VirtualBox (Don't power on a guest OS yet)
- Click Settings from the VirtualBox main page for the Windows XP Guest OS
- Click the System tab on the left side of screen
- Enable IO APIC is needs to be selected
- Click the USB tab on the left side of screen
- Enable USB Controller and Enable USB 2.0 (EHCI) Controller need to be selected
- Your USB device should be recognized and ticked in the lower screen. If not, press the 'add' button (to the far right, 2nd one with the green cross) and add it.
- Power on your Guest OS and USB Should work
What's more, the VM is "seeing" the Windows partition on the PC where the music files are held and these are copied into the iTunes Library, and the iTunes Library is "seeing" others in the house.
But what of the webcam? Well, a whole new odyssey commences there. One currently without solution - investigating options like emesene in Ubuntu or MSN in Win XP, with no joy at all so far...
Checking del.icio.us bookmarks
Although I am trying to prune down those I no longer need, there is also the question of whether they are all still valid.
So, I found this nifty little application - Fresh del.icio.us - it's a Java app that checks your bookmarks for you!
So, I found this nifty little application - Fresh del.icio.us - it's a Java app that checks your bookmarks for you!
Mac: iPod volume booster
I have this installed - http://volumebooster.tangerine-soft.de/ - not entirely sure how much difference it makes though!
Static IP in Ubuntu
From http://www.prash-babu.com/2008/11/how-to-setup-static-ip-address-in-linux.html
This tutorial would help you configure a static ip address for your linux machine.Static ips are used for a lot of purposes like port forwarding etc . Especially in the case of Ubuntu intrepid , this can be helpful as there seem to be some bug while setting up static ip via the Network Manager (GUI).So you could setup static ip by manually editing the /etc/network/interfaces file.Here's how you go about doing this :
Firstly, You need to know which interface you are dealing with, i.e.for which interface you need to create a static ip.So lets say you want to setup a static ip 192.168.1.10 and your gateway would be your router ip which is 192.168.1.1 .. Now say you want to apply this static ip to the interface eth0 . So here's what you do :
Step 1 : Go to the Terminal(Applications->Accessories->Terminal)
Step 2 : Then type sudo gedit /etc/network/interfaces
Step 3 : Now the interfaces file should open on gedit.
Step 4 : Now look for the line
iface eth0 inet dhcp
and replace it with
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
Step 5 : Save changes and close the file
Step 6 : Now Back in your terminal type sudo /etc/init.d/networking restart
Step 7 : Then type sudo ifdown eth0
Step 8 : Then type sudo ifup eth0
Step 9 : You should now have the static ip 192.168.1.10 for your interface eth0.
This tutorial would help you configure a static ip address for your linux machine.Static ips are used for a lot of purposes like port forwarding etc . Especially in the case of Ubuntu intrepid , this can be helpful as there seem to be some bug while setting up static ip via the Network Manager (GUI).So you could setup static ip by manually editing the /etc/network/interfaces file.Here's how you go about doing this :
Firstly, You need to know which interface you are dealing with, i.e.for which interface you need to create a static ip.So lets say you want to setup a static ip 192.168.1.10 and your gateway would be your router ip which is 192.168.1.1 .. Now say you want to apply this static ip to the interface eth0 . So here's what you do :
Step 1 : Go to the Terminal(Applications->Accessories->Terminal)
Step 2 : Then type sudo gedit /etc/network/interfaces
Step 3 : Now the interfaces file should open on gedit.
Step 4 : Now look for the line
iface eth0 inet dhcp
and replace it with
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
Step 5 : Save changes and close the file
Step 6 : Now Back in your terminal type sudo /etc/init.d/networking restart
Step 7 : Then type sudo ifdown eth0
Step 8 : Then type sudo ifup eth0
Step 9 : You should now have the static ip 192.168.1.10 for your interface eth0.
iptables
Previous posts have shown how I set the server up to act as a backup facility. By doing this work, I also covered off the issue of shared files too.
My other main aim was to do with network traffic. I am in an area that is now Local Loop Unbundled, and so my ISP choices are relatively restricted. Moreover, although I have pretty much unlimited access at weekends and evenings, between 9-6 Mon-Fri I have a download limit of only 1GB per month. I don't access the net at those times, but the kids do.
I also want to ensure that the network is "locked down" so far as possible. Although my Belkin F5D7632 wireless router
has network management capabilities in its interface, it is quite limited and inflexible, so I want to do this via the server.
iptables is the logical way to progress. Installing on server is once again straightforward via Synaptic.
The aims are:
1. Weekdays 9-6 - allow SSH, Webmin and IM. If possible, allow HTTP to specified URLs only
2. After 6pm - allow HTTP and HTTPS in addition to the more restricted version above.
I originally followed the tutorial here - https://help.ubuntu.com/community/IptablesHowTo - which got me set up, but I then had many more questions. Referral was also made here - http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/ - and here - http://www.dd-wrt.com/wiki/index.php/Iptables_command#Block_all_traffic_except_HTTP_HTTPS_and_FTP and finally here - http://linuxgazette.net/108/odonovan.html and here - http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
There does seem to be a means of putting a time stamp within the iptables themselves - but it requires a kernel rebuild.
This, then, is my incredibly wordy solution (which, thus far, works).
1. Give all machines a static IP
2. Turn off DHCP on the router
3. Set up a crontab (using the friendly gnome-schedule front end) that loads different iptables at different times
4. Have (currently) three sets of iptables to cover the eventualities above.
Here's the crontab first:
0 7 * * * /sbin/iptables-restore < /home/name/Desktop/iptables.rules > /dev/null 2>&1
30 08 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables_lockdown.rules > /dev/null 2>&1
30 15 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables_restricted.rules > /dev/null 2>&1
0 18 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables.rules > /dev/null 2>&1
30 22 * * * /sbin/iptables-restore < /home/name/Desktop/iptables_lockdown.rules > /dev/null 2>&1
So what does this mean? Let's go through the second row in crontab:
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*mangle
:PREROUTING ACCEPT [3706:361966]
:INPUT ACCEPT [1712:249192]
:FORWARD ACCEPT [1993:112718]
:OUTPUT ACCEPT [1840:557887]
:POSTROUTING ACCEPT [3833:670603]
COMMIT
# Completed on Sun Jan 31 19:11:31 2010
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*nat
:PREROUTING ACCEPT [6:555]
:POSTROUTING ACCEPT [3:331]
:OUTPUT ACCEPT [3:454]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Jan 31 19:11:31 2010
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.x/32 -j ACCEPT
-A INPUT -s 192.168.2.y/32 -j ACCEPT
-A INPUT -s 192.168.2.z/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -s 192.168.2.8/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.8/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
Now restricted:
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*mangle
:PREROUTING ACCEPT [30:2180]
:INPUT ACCEPT [30:2180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:6947]
:POSTROUTING ACCEPT [18:6947]
COMMIT
# Completed on Sun Jan 17 17:37:32 2010
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Jan 17 17:37:32 2010
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.5/32 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
and finally lockdown:
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*mangle
:PREROUTING ACCEPT [134:12204]
:INPUT ACCEPT [134:12204]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:17866]
:POSTROUTING ACCEPT [77:17608]
COMMIT
# Completed on Mon Jan 18 22:56:31 2010
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*nat
:PREROUTING ACCEPT [1:100]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:258]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Jan 18 22:56:31 2010
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.5/32 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
COMMIT
It can easily be seen that each successive variant is a subset of the previous. Here is an annotated version of the "full" rules showing what it means (based on my far from technical understanding):
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7 - I've now removed this logging due to the problems I mention here
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT - this is for DNS
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT - SSH-A INPUT -s 192.168.2.x/32 -j ACCEPT - server can access network whenever
-A INPUT -s 192.168.2.y/32 -j ACCEPT - so can the Macbook
-A INPUT -s 192.168.2.z/32 -j ACCEPT - the other IP address for Macbook
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 - also removed-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT - VNC
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT - webmin-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT - dns-A FORWARD -p udp -m udp --dport 53 -j ACCEPT - dns
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT -ssh
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT - VNC
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT - https / IM
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT - http
-A FORWARD -d 192.168.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP- everything else is dropped
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7 - removed
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
As Instant Messaging uses https, I can open the iptables to this channel, while still not allowing http
My other main aim was to do with network traffic. I am in an area that is now Local Loop Unbundled, and so my ISP choices are relatively restricted. Moreover, although I have pretty much unlimited access at weekends and evenings, between 9-6 Mon-Fri I have a download limit of only 1GB per month. I don't access the net at those times, but the kids do.
I also want to ensure that the network is "locked down" so far as possible. Although my Belkin F5D7632 wireless router
iptables is the logical way to progress. Installing on server is once again straightforward via Synaptic.
The aims are:
1. Weekdays 9-6 - allow SSH, Webmin and IM. If possible, allow HTTP to specified URLs only
2. After 6pm - allow HTTP and HTTPS in addition to the more restricted version above.
I originally followed the tutorial here - https://help.ubuntu.com/community/IptablesHowTo - which got me set up, but I then had many more questions. Referral was also made here - http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/ - and here - http://www.dd-wrt.com/wiki/index.php/Iptables_command#Block_all_traffic_except_HTTP_HTTPS_and_FTP and finally here - http://linuxgazette.net/108/odonovan.html and here - http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
There does seem to be a means of putting a time stamp within the iptables themselves - but it requires a kernel rebuild.
This, then, is my incredibly wordy solution (which, thus far, works).
1. Give all machines a static IP
2. Turn off DHCP on the router
3. Set up a crontab (using the friendly gnome-schedule front end) that loads different iptables at different times
4. Have (currently) three sets of iptables to cover the eventualities above.
Here's the crontab first:
0 7 * * * /sbin/iptables-restore < /home/name/Desktop/iptables.rules > /dev/null 2>&1
30 08 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables_lockdown.rules > /dev/null 2>&1
30 15 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables_restricted.rules > /dev/null 2>&1
0 18 * * 1-5 /sbin/iptables-restore < /home/name/Desktop/iptables.rules > /dev/null 2>&1
30 22 * * * /sbin/iptables-restore < /home/name/Desktop/iptables_lockdown.rules > /dev/null 2>&1
So what does this mean? Let's go through the second row in crontab:
- 30 means minutes past hour
- 8 is the hour
- The next two asterisks are where one would place limits by day of the month and month of the year
- 1-5 means this applies on days Monday to Friday (crontab works from Sunday as day 0)
- Then the main command tells the system to replace the running iptables with those specified
- Finally > /dev/null 2>&1 means there is no output
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*mangle
:PREROUTING ACCEPT [3706:361966]
:INPUT ACCEPT [1712:249192]
:FORWARD ACCEPT [1993:112718]
:OUTPUT ACCEPT [1840:557887]
:POSTROUTING ACCEPT [3833:670603]
COMMIT
# Completed on Sun Jan 31 19:11:31 2010
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*nat
:PREROUTING ACCEPT [6:555]
:POSTROUTING ACCEPT [3:331]
:OUTPUT ACCEPT [3:454]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Jan 31 19:11:31 2010
# Generated by iptables-save v1.4.4 on Sun Jan 31 19:11:31 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.x/32 -j ACCEPT
-A INPUT -s 192.168.2.y/32 -j ACCEPT
-A INPUT -s 192.168.2.z/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -d 192.168.2.8/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
Now restricted:
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*mangle
:PREROUTING ACCEPT [30:2180]
:INPUT ACCEPT [30:2180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:6947]
:POSTROUTING ACCEPT [18:6947]
COMMIT
# Completed on Sun Jan 17 17:37:32 2010
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Sun Jan 17 17:37:32 2010
# Generated by iptables-save v1.4.4 on Sun Jan 17 17:37:32 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.5/32 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
COMMIT
and finally lockdown:
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*mangle
:PREROUTING ACCEPT [134:12204]
:INPUT ACCEPT [134:12204]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:17866]
:POSTROUTING ACCEPT [77:17608]
COMMIT
# Completed on Mon Jan 18 22:56:31 2010
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*nat
:PREROUTING ACCEPT [1:100]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:258]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Jan 18 22:56:31 2010
# Generated by iptables-save v1.4.4 on Mon Jan 18 22:56:31 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.5/32 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -j ACCEPT
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
COMMIT
It can easily be seen that each successive variant is a subset of the previous. Here is an annotated version of the "full" rules showing what it means (based on my far from technical understanding):
-A INPUT -i eth0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7 - I've now removed this logging due to the problems I mention here
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT - this is for DNS
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT - SSH-A INPUT -s 192.168.2.x/32 -j ACCEPT - server can access network whenever
-A INPUT -s 192.168.2.y/32 -j ACCEPT - so can the Macbook
-A INPUT -s 192.168.2.z/32 -j ACCEPT - the other IP address for Macbook
-A INPUT -s 192.168.2.1/32 -p tcp -m tcp --dport 60344 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp -m tcp --dport 49744 -j ACCEPT
-A INPUT -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 - also removed-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 139,145 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT - VNC
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT - webmin-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT - dns-A FORWARD -p udp -m udp --dport 53 -j ACCEPT - dns
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT -ssh
-A FORWARD -p tcp -m multiport --dports 5900,5901 -j ACCEPT - VNC
-A FORWARD -s 192.168.2.10/32 -p udp -m multiport --dports 28910,29900,29901,29920,443 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -p tcp -m tcp --dport 49743 -j ACCEPT
-A FORWARD -s 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.2.5/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.2.3/32 -j ACCEPT
-A FORWARD -s 192.168.2.2/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT - https / IM
-A FORWARD -d 192.168.2.15/32 -p tcp -m multiport --dports 1863,5222,5223,443 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT - http
-A FORWARD -d 192.168.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP- everything else is dropped
-A OUTPUT -o eth0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7 - removed
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.5/32 -j ACCEPT
-A OUTPUT -d 192.168.2.5/32 -j ACCEPT
-A OUTPUT -j DROP
As Instant Messaging uses https, I can open the iptables to this channel, while still not allowing http
Bash History on server
Akin to the MBP variant posted previously:
sudo mkdir squid.conf
sudo cp squid.conf/* /etc/squid.conf
sudo nano /etc/dansguardian/dansguardian.conf
cd /etc/dansguardian/languages
sudo rm -R swedish
sudo rm -R spanish
sudo rm -R slovak
sudo rm -R czech
sudo rm -R hebrew
sudo rm -R polish
sudo rm -R turkish
sudo rm -R malay
sudo rm -R danish
sudo rm -R dutch
sudo rm -R italian
sudo rm -R chinesegb2312
sudo rm -R chinesebig5
sudo rm -R german
sudo rm -R hungarian
sudo rm -R lithuanian
sudo rm -R russian-koi8-r
sudo rm -R indonesian
sudo rm -R ptbrazilian
sudo rm -R portuguese
sudo rm -R russian-1251
sudo rm -R bulgarian
sudo rm -R japanese
sudo nano /etc/dansguardian/languages/ukenglish/template.html
sudo nano /etc/dansguardian/dansguardian.conf
sudo /etc/init.d/dansguardian restart
sudo ufw default DENY
sudo ufw ALLOW 8080
sudo ufw enablef
sudo squid help
sudo dpkg --get-selections > installed-software.txt
cp .bash_history /home/name/bash_history
refresh_squidguard_bl.sh
sudo apt-get install clamav-daemon clamav-freshclam
sudo adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
sudo adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
sudo apt-get install clamav-daemon clamav-freshclam
sudo /etc/init.d/clamav-freshclam restart
cd /etc/clamav
sudo nano freshclam.conf
sudo nano /etc/dansguardian/languages/ukenglish/template.html
sudo squid -k shutdown
sudo squid reload
sudo squid -k check
sudo /etc/init.d/squid reload
sudo /etc/init.d/dansguardian restart
sudo freshclam
cd /etc/squid
sudo nano squid.conf
cd squid.conf
sudo rm -R squid.conf
vi #/.bashrc
whereis x11vnc
df -H
x11vnc -auth /var/gdm/:0.Xauth
sudo nano /etc/gdm/gdm.conf
sudo nano /etc/gdm/Init/Default
sudo nano /etc/gdm/PreSession/Default
ls -l
cp .bash_history /home/name/bash_ubuntu.txt
sudo chmod og=r -R *
nmap -sL
ping 192.168.1.255
arp -a
nmap -sP 192.168.1.1/24
nmap -sP 192.168.2.1/15
sudo fdisk -l
sudo apt-get autoclean
sudo apt-get clean
sudo apt-get purge
sudo apt-get install squid squid-common
sudo apt-get remove squid squid-common
sudo apt-get remove virtualbox
sudo dpkg --get-selections > installed-software.txt
sudo apt-get remove virtualbox-ose-qt
sudo apt-get purge virtualbox-ose-qt
sudo apt-get autoremove
sudo gedit /etc/fstab
sudo gedit /boot/grub/menu.lst
sudo tcpdump
cd /media/sda1
sudo apt-get install arp-scan
netstat -a
netstat -r
netstat
ntop
nmap 192.168.2.1
nmap 192.168.2.5
nmap 192.168.2.3
nmap 192.168.2.2
nmap 192.168.2.4
nmap 192.168.2.13
ping 192.168.2.1
lspci -v
iwconfig
sudo gedit /etc/network/interfaces
ifconfig -a
sudo route add -host 255.255.255.255 dev eth0
sudo gedit /etc/default/dhcp3-server
cp .bash_history /home/name/bash_ubuntu.txt
sudo gedit /etc/dhcpd.conf
ifconfig
sudo /etc/init.d/dhcp3-server restart
sudo /usr/sbin/dhcpd3
sudo gedit /etc/network/interfaces
sudo /etc/init.d/ssh start
sudo /etc/init.d/ssh stop
sudo /etc/init.d/ssh restart
sudo arp-scan 192.168.2.1/25
cd /etc
screen
screen -rd
grep ipp2p
lsmod | grep ipp2p
lsmod | grep firefox
locale -a
locale
whereis dumpkeys
whereis prep
whereis grep
sudo apt-get install build-essential
sudo chmod og=r -R *
crontab -e
sudo /etc/init.d/ssh restart
sudo mkdir squid.conf
xrandr
xrandr --output LVDS --mode 1024x768
xrandr--addmode default 1280x1024_60.00
xrandr --addmode default 1280x1024_60.00
xrandr --addmode default 1280x1024
xrandr --addmode default 1084x768
xrandr help
xrandr --output --mode 1024x768
service gdm stop
Xorg -configure
dpkg-reconfigure -phigh xserver-xorg
sudo dpkg-reconfigure -phigh xserver-xorg
gksudo gedit /etc/X11/xorg.conf
lspci | grep -i nvidia
cp .bash_history /home/name/bash_ubuntu.txt
cat /proc/sys/net/ipv4/ip_forward
echo "1"> /proc/sys/net/ipv4/ip_forward
sudo echo "1"> /proc/sys/net/ipv4/ip_forward
man x11vnc
sudo /etc/init.d/gdm restart
sudo nano .bash_history
sudo crontab -e
x11vnc
service gdm restart
sudo service gdm restart
sudo apt-get install wireshark
sudo gedit /etc/apt/sources.list
sudo apt-get update
sudo apt-get autoremove
sudo crontab -e
sudo find /var/log -type f
sudo find /var/log -type f -delete
cd /var/log
ls
dh -h
gedit .bash_history
It can be seen I have tampered with Squid. But that is all so far!
sudo mkdir squid.conf
sudo cp squid.conf/* /etc/squid.conf
sudo nano /etc/dansguardian/dansguardian.conf
cd /etc/dansguardian/languages
sudo rm -R swedish
sudo rm -R spanish
sudo rm -R slovak
sudo rm -R czech
sudo rm -R hebrew
sudo rm -R polish
sudo rm -R turkish
sudo rm -R malay
sudo rm -R danish
sudo rm -R dutch
sudo rm -R italian
sudo rm -R chinesegb2312
sudo rm -R chinesebig5
sudo rm -R german
sudo rm -R hungarian
sudo rm -R lithuanian
sudo rm -R russian-koi8-r
sudo rm -R indonesian
sudo rm -R ptbrazilian
sudo rm -R portuguese
sudo rm -R russian-1251
sudo rm -R bulgarian
sudo rm -R japanese
sudo nano /etc/dansguardian/languages/ukenglish/template.html
sudo nano /etc/dansguardian/dansguardian.conf
sudo /etc/init.d/dansguardian restart
sudo ufw default DENY
sudo ufw ALLOW 8080
sudo ufw enablef
sudo squid help
sudo dpkg --get-selections > installed-software.txt
cp .bash_history /home/name/bash_history
refresh_squidguard_bl.sh
sudo apt-get install clamav-daemon clamav-freshclam
sudo adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
sudo adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
sudo apt-get install clamav-daemon clamav-freshclam
sudo /etc/init.d/clamav-freshclam restart
cd /etc/clamav
sudo nano freshclam.conf
sudo nano /etc/dansguardian/languages/ukenglish/template.html
sudo squid -k shutdown
sudo squid reload
sudo squid -k check
sudo /etc/init.d/squid reload
sudo /etc/init.d/dansguardian restart
sudo freshclam
cd /etc/squid
sudo nano squid.conf
cd squid.conf
sudo rm -R squid.conf
vi #/.bashrc
whereis x11vnc
df -H
x11vnc -auth /var/gdm/:0.Xauth
sudo nano /etc/gdm/gdm.conf
sudo nano /etc/gdm/Init/Default
sudo nano /etc/gdm/PreSession/Default
ls -l
cp .bash_history /home/name/bash_ubuntu.txt
sudo chmod og=r -R *
nmap -sL
ping 192.168.1.255
arp -a
nmap -sP 192.168.1.1/24
nmap -sP 192.168.2.1/15
sudo fdisk -l
sudo apt-get autoclean
sudo apt-get clean
sudo apt-get purge
sudo apt-get install squid squid-common
sudo apt-get remove squid squid-common
sudo apt-get remove virtualbox
sudo dpkg --get-selections > installed-software.txt
sudo apt-get remove virtualbox-ose-qt
sudo apt-get purge virtualbox-ose-qt
sudo apt-get autoremove
sudo gedit /etc/fstab
sudo gedit /boot/grub/menu.lst
sudo tcpdump
cd /media/sda1
sudo apt-get install arp-scan
netstat -a
netstat -r
netstat
ntop
nmap 192.168.2.1
nmap 192.168.2.5
nmap 192.168.2.3
nmap 192.168.2.2
nmap 192.168.2.4
nmap 192.168.2.13
ping 192.168.2.1
lspci -v
iwconfig
sudo gedit /etc/network/interfaces
ifconfig -a
sudo route add -host 255.255.255.255 dev eth0
sudo gedit /etc/default/dhcp3-server
cp .bash_history /home/name/bash_ubuntu.txt
sudo gedit /etc/dhcpd.conf
ifconfig
sudo /etc/init.d/dhcp3-server restart
sudo /usr/sbin/dhcpd3
sudo gedit /etc/network/interfaces
sudo /etc/init.d/ssh start
sudo /etc/init.d/ssh stop
sudo /etc/init.d/ssh restart
sudo arp-scan 192.168.2.1/25
cd /etc
screen
screen -rd
grep ipp2p
lsmod | grep ipp2p
lsmod | grep firefox
locale -a
locale
whereis dumpkeys
whereis prep
whereis grep
sudo apt-get install build-essential
sudo chmod og=r -R *
crontab -e
sudo /etc/init.d/ssh restart
sudo mkdir squid.conf
xrandr
xrandr --output LVDS --mode 1024x768
xrandr--addmode default 1280x1024_60.00
xrandr --addmode default 1280x1024_60.00
xrandr --addmode default 1280x1024
xrandr --addmode default 1084x768
xrandr help
xrandr --output --mode 1024x768
service gdm stop
Xorg -configure
dpkg-reconfigure -phigh xserver-xorg
sudo dpkg-reconfigure -phigh xserver-xorg
gksudo gedit /etc/X11/xorg.conf
lspci | grep -i nvidia
cp .bash_history /home/name/bash_ubuntu.txt
cat /proc/sys/net/ipv4/ip_forward
echo "1"> /proc/sys/net/ipv4/ip_forward
sudo echo "1"> /proc/sys/net/ipv4/ip_forward
man x11vnc
sudo /etc/init.d/gdm restart
sudo nano .bash_history
sudo crontab -e
x11vnc
service gdm restart
sudo service gdm restart
sudo apt-get install wireshark
sudo gedit /etc/apt/sources.list
sudo apt-get update
sudo apt-get autoremove
sudo crontab -e
sudo find /var/log -type f
sudo find /var/log -type f -delete
cd /var/log
ls
dh -h
gedit .bash_history
It can be seen I have tampered with Squid. But that is all so far!
Subscribe to:
Posts (Atom)
Posts
