Saturday, January 31, 2009

Insert utf-8 unicode data with PHP and MS SQL Server

The n- columns offer the best solution. I would give ADODB another
shot. COM is problematic in PHP4. Support might have improved in PHP5.
In theory, if you pass CP_UTF8 as codepage to COM(), you'd get UTF-8
text out of the resultsets. I remember that when I tried it though,
nothing happened. This was a couple years ago. Maybe newer versions of
ADODB would work better.

If you're using PHP on a Windows platform you can use the PHP COM
extension to communicate with SQL Server via ADO. The PHP COM extension
is capable of translating UTF-8 to UCS-2 and back if you specify so as
the third parameter:


$oDb = new COM('ADODB.Connection', NULL, CP_UTF8);


This way you can use Unicode UTF-8 within PHP and Unicode UCS-2 within
SQL Server with all the translations done for you automatically.


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form action="p.php" method="POST">
password<input type="text" name="password">

note<input type="text" name="note">

<input type="hidden" name="submist_info" value="yes">
<input type="submit">
</form>
<?php
$myServer = "localhost";
$myUser = "";
$myPass = "";
$myDB = "";

//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection", NULL, CP_UTF8)
or die("Cannot start ADO");

//define connection string, specify database driver
$connStr = "PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB;
$conn->open($connStr); //Open the connection to the database

//declare the SQL statement that will query the database
$query = "SELECT TOP 1 * FROM my_member ORDER by ID desc";

//execute the SQL statement and return records
$rs = $conn->execute($query);

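$num_columns = $rs->Fields->Count();
echo $num_columns . " Fields<br>";

//keep a reference to each field object of the recordset
for ($i=0; $i < $num_columns; $i++) {
    $fld[$i] = $rs->Fields($i);
}

echo "<table>";

while (!$rs->EOF) //carry on looping through while there are records
{
    echo "<tr>";
    for ($i=0; $i < $num_columns; $i++) {
        //escape each value so stored data cannot inject markup into the page
        echo "<td>" . htmlspecialchars((string)$fld[$i]->value, ENT_QUOTES, "UTF-8") . "</td>";
    }
    echo "</tr>";
    $rs->MoveNext(); //move on to the next record
}

echo "</table>";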

if( isset($_POST['submist_info']) && $_POST['submist_info'] == "yes" ){
//double every single quote so the posted value cannot terminate the N'...' literal
$password = str_replace("'", "''", $_POST['password']);
$note = str_replace("'", "''", $_POST['note']);

//$password = mb_convert_encoding($password,"UCS2","UTF-8");
//$note = mb_convert_encoding($note,"UCS2","UTF-8");

// Note the N before each value: N stands for National Character and marks a Unicode literal, which SQL Server needs to store the text in n- columns
$query = "INSERT INTO cwn_member ( name, password, note2 ) VALUES ( 'dan".(int)$i."', N'".$password."', N'".$note."' ) ";
$conn->execute($query);

}

//close the connection and recordset objects freeing up resources
$rs->Close();

$conn->Close();

$rs = null;
$conn = null;
?>
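
The INSERT above places form input inside the SQL text. The same Unicode insert can be done with bound parameters through ADODB.Command, so the values are sent as data and the N prefix is replaced by the adVarWChar parameter type. This is an added example, not code from the original post; the helper names insert_member and add_nvarchar_param are hypothetical, the column sizes are assumptions, and the sample values are constructed.

```php
<?php
// Added example (not from the original post): Unicode INSERT with bound
// parameters through ADODB.Command instead of a concatenated N'...' literal.

// Values of the ADO enumeration members used below (from the ADO type library).
define('AD_VARWCHAR', 202);   // adVarWChar: Unicode string, matches nvarchar
define('AD_PARAM_INPUT', 1);  // adParamInput
define('AD_CMD_TEXT', 1);     // adCmdText

// Assumed nvarchar sizes of the cwn_member columns; adjust to the real schema.
$columnSizes = array('name' => 50, 'password' => 50, 'note2' => 255);

// Hypothetical helper: binds one UTF-8 PHP string as an nvarchar input parameter.
function add_nvarchar_param($cmd, $name, $value, $maxChars)
{
    // Reject over-long input here instead of letting the provider fail later.
    if (mb_strlen($value, 'UTF-8') > $maxChars) {
        throw new Exception("$name is longer than $maxChars characters");
    }
    // CreateParameter(Name, Type, Direction, Size, Value)
    $cmd->Parameters->Append(
        $cmd->CreateParameter($name, AD_VARWCHAR, AD_PARAM_INPUT, $maxChars, $value)
    );
}

// Hypothetical helper: inserts one row; the values never become part of the SQL text.
function insert_member($conn, $sizes, $name, $password, $note)
{
    // CP_UTF8 makes the COM layer translate UTF-8 strings to UCS-2 and back.
    $cmd = new COM('ADODB.Command', NULL, CP_UTF8);
    $cmd->ActiveConnection = $conn;
    $cmd->CommandType = AD_CMD_TEXT;
    // One ? marker per value; they are bound in the order the parameters are appended.
    $cmd->CommandText = "INSERT INTO cwn_member ( name, password, note2 ) VALUES ( ?, ?, ? )";

    add_nvarchar_param($cmd, 'name', $name, $sizes['name']);
    add_nvarchar_param($cmd, 'password', $password, $sizes['password']);
    add_nvarchar_param($cmd, 'note2', $note, $sizes['note2']);

    $cmd->Execute();
    $cmd = null;
}

// Connection placeholders, left empty as in the post above.
$myServer = "localhost";
$myUser = "";
$myPass = "";
$myDB = "";

$conn = new COM('ADODB.Connection', NULL, CP_UTF8) or die("Cannot start ADO");
$conn->Open("PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB);

// Constructed sample input: a single quote and non-Latin text in the same value.
$note = "O'Brien's note: \xE4\xBD\xA0\xE5\xA5\xBD"; // last six bytes are two CJK characters in UTF-8
insert_member($conn, $columnSizes, 'dan1', 'constructed-sample-value', $note);

$conn->Close();
$conn = null;
?>
```

The single quote in the sample note is stored as typed, with no escaping step, because the value is bound as a parameter.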






In MySQL,

on top of the script:

mb_internal_encoding("UTF-8");


before querying data:

SET NAMES 'utf8';
SET CHARACTER SET 'utf8';

Use PHP to connect to MS SQL Server


<?php
$myServer = "localhost";
$myUser = "";
$myPass = "";
$myDB = "";

//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection")
or die("Cannot start ADO");

//define connection string, specify database driver
$connStr = "PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB;
$conn->open($connStr); //Open the connection to the database

//declare the SQL statement that will query the database
$query = "SELECT * FROM test_member";

//execute the SQL statement and return records
$rs = $conn->execute($query);

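$num_columns = $rs->Fields->Count();
echo $num_columns . "<br>";

//keep a reference to each field object of the recordset
for ($i=0; $i < $num_columns; $i++) {
    $fld[$i] = $rs->Fields($i);
}

echo "<table>";

while (!$rs->EOF) //carry on looping through while there are records
{
    echo "<tr>";
    for ($i=0; $i < $num_columns; $i++) {
        //escape each value so stored data cannot inject markup into the page
        echo "<td>" . htmlspecialchars((string)$fld[$i]->value, ENT_QUOTES) . "</td>";
    }
    echo "</tr>";
    $rs->MoveNext(); //move on to the next record
}

echo "</table>";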

//close the connection and recordset objects freeing up resources
$rs->Close();
$conn->Close();

$rs = null;
$conn = null;
?>

Friday, January 30, 2009

Permission Issue After Backup & Restore


I have a system at work and 1 at home. When I backup the db from my work system and restore it to my home system, the user permissions are not working. I checked the properties of the database under the Permissions tab and I see Users, but when I click the Effective Permissions button, I get an error "Cannot execute as the database principal because "user_me" does not exist,..."

I check the Microsoft KB and got a hit, but that is for database ownership, not user permissions. I've had to work around this by creating a new user on my home system, but I would really like to figure out how to keep the same user name, etc. to keep the 2 systems the same. Thanks!

BTW, the SQL Server 2005 Express error message ID is 15517 and LinkId is 20476, but there is no page for this link when I click on it.


Solution:

When you back up and restore you have to rerun the permissions script if you have one or re-issue the permissions manually for the users you had earlier.

You can generate the scripts for creating the permissions from your source server. Compile/execute them on the second server.

I think I have the procedure. Select DB, right-click, Tasks, Generate Scripts.

I'll select the Users and permissions to generate. Thanks for your help! I'll post when I complete the task.

The final fix was to drop the user from the database properties dialog. That way the login on the server where I restored the database could be assigned to the restored database without the "user already exists" error.

Finally!

Score: SQL Server Express 2005 1 Me 1

I'll call it a night!

Missing Sql Server Management Studio - solution

The other day I was installing SQL Server 2005 and realized that the installation did not install Management Studio. So I reinstalled the sql tools from the CD but that didn't work so I uninstalled and reinstalled, still no luck. The only item which would show up under start-> programs-> Microsoft SQL Server is the Configuration Tools. If you are having the same issue you've come to the right place.

Problem:

SQL Server Management Studio did not install with sql server 2005

Issue:

When installing visual studio you may have installed SQLExpress, which created a tools folder in "C:\Program Files\Microsoft SQL Server\90". SQL Server installation will look for that folder and if it's found it will simply move on.

Solution: Rename the tools folder in C:\Program Files\Microsoft SQL Server\90 and then reinstall the tools and components off the CD.

This solution seems to be working for most people. Give Props to Koti for solving the problem.

KOTI: Recommends re-installing tools by going to set-up files and double clicking "SqlRun_Tools" exe file, then selected necessary tool to be installed. which worked like gem.

Hope this helps someone out.

Pete Orologas

Published Thursday, October 12, 2006 5:04 AM by Porologas

Comments
Brent Arias said:
I think MS discovered this valuable solution of yours, and disabled it. I ran into the same problem (WinXP, Visual Studio 2005 Professional installed, then installed SQL Server 2005) of not having Management Studio. When I renamed the directory you mentioned, it just caused all kinds of problems with the installer (and the installer would just re-create the directory immediately anyway, sans studio).

But another trick worked. After I select the tools component for installation, using the tools installer executed directly from the CD, the next step says something like "the following items are already installed, and so are ignored" - it lists a documentation component as already installed, and shows a checkbox by it. It gives no explanation of what the check box is for. If you simply hit "next," you are told the installer has nothing to do (and you are doomed). But If you click the check box on the documentation item and hit next, it causes the tools to be uninstalled and re-installed with management studio. Problem solved.

What could possibly be more intuitive?


December 6, 2006 12:26 AM
Guli Polla said:
I have 64-bit version and neither of these options worked for me

Nothing happens if I change the name tools folder in either the 64bit or x86 paths

and the check box is not available as per the second solution!!!


December 13, 2006 5:48 AM
John Reynolds said:
I have a Visual Studio 2005 upgrade to VS '03. I had to reinstall Windows, and so directly installed VS without first installing the older version. Visual Studio installed, but I was never able to get SQL Svr management studio to install because it was "already installed". I finally clicked on "More Information" or some such, after which I found out that it's an upgrade and I have to install Sql Server 2000 first.

I'm beginning to hate the way Microsoft treats its paying customers.
February 7, 2007 2:31 PM
Lu Cao said:
I got same problem with SQL Server 2005.
I installed Visual Studio 2005 first, then install SQL SERVER 2005 64bit on Vista 64bit OS. but not install SQL Server Management Studio. tried to download from MS website. got error code "29506". tried uninstall SQL server 2005, not succeeded.
tried delete register on REGEDIT. reinstall SQL SERVER 2005 64bit. still not installed SSMS.

I dont know what can i do now. only way reload OS. but have to call MS actived OS and Microsoft 2007. so bad.
April 3, 2007 7:02 PM
koti said:
Hi, when i faced same issue, i tried to re-install tools by going to set-up files and double clicking "SqlRun_Tools" exe file, then selected necessary tool to be installed. which worked like gem.

Hope this helps you all.
April 27, 2007 8:54 AM
Matrix1000 said:
What koti said worked for me! Thanks!!!
April 29, 2007 10:31 PM
Carla said:
I did the suggestion from Koti and it worked!! Been fighting with this for days...thanks so much!
May 4, 2007 9:19 AM
Grant said:
Koti's suggestion worked perfectly for me! Unbelievable that this is such an issue...methinks Microsoft has some work to do on this one. Thanks Koti!
May 7, 2007 12:15 PM
Jim said:
On vista. i had VStudio 2005 and had the same problem after installing sql 2005 developer.

steps i did
1) remove sql server in control panel / programs (it will give you an option of express sql and sql 2005) - VS 2005 seems to install express sql without any option.
2) select and remove express 2005 with all the rubbish
3) run SqlRun_Tools from the cd .
4) follow thru the installation and it works
May 14, 2007 4:47 AM
Hoa said:
Thanks for the solution.
May 19, 2007 3:49 AM
Larry D said:
Having the same issue as Jim. His solution did the deed. Thanks Jim
June 5, 2007 8:54 PM
Gra said:
Thanks so much for the info guys, my head was wrecked!
I didnt need to rename the folder, simply ran the SqlRun_Tools exe
June 13, 2007 3:42 AM
John Reynolds said:
Thanks for this solution! Add me to the list of those who were having this problem. I needed Management Studio, and not the Express version, so I could more easily copy a database.

(I'm a different John Reynolds than the one who posted above. What are the odds?)
June 14, 2007 9:34 AM
Myron Bollman said:
I had this problem also, and simply ran the SqlRun_Tools and all is fixed! Thanks for the hints.
June 14, 2007 11:38 AM
elpres said:
the file is called sqlRun_tools.msi on my disc, the solution worked fine.. im soooo glaaad, i have been looking for studio management in a week.
June 15, 2007 3:50 AM
Mattisimo said:
I was installing the x64 version of SQL and didn't get the MS. Thank you so much for your help. I wish I had searched before assuming there was something wrong with windows and reinstalling my OS.

Looks like it puts a lot in the x86 folder when it does it correctly.

Thanks again. *tips hat*
June 20, 2007 12:48 PM
Christian Donner said:
This did not work for me, unfortunately, and I am still investigating. I assume it is because I upgraded to SP1 after the install and Windows applied several patches. Anyways, I am getting this error:

A component that you have specified in the ADD_LOCAL property is already installed. To upgrade the existing component, refer to the template.ini and set the UPGRADE property to the name of the component.
July 9, 2007 8:07 AM
Christian Donner said:
An update and a clarification: what did not work for me was the selective update of the client components. My distribution comes with a SqlRun_Tools.msi, not an exe. When I ran it I got the above error.
However, I was able to get the missing components by uninstalling the SQLExpress from the SQL Server setup (Control Panel, add/remove programs) - not the Visual Studio setup that originally installed. Once the Express edition was gone, I was able to re-run the SQL Server setup (the full version that auto-runs from the DVD) and install the missing pieces. I subsequently had to re-run the SP2 (not 1 as I misstated earlier) setup as well and it was only applied to the newly installed pieces.
July 9, 2007 9:26 AM
Jun said:
I got the same error with Christian Donner when I run the SqlRun_Tools.msi. But I don't want to uninstall the SQL server express edition since it is used for some vs2005 projects. Is there any solution without uninstalling SQL Express?

I have tried to rename the Tools folder and run SqlRun_Tools.msi again, not working either.
July 20, 2007 9:11 AM
Olen said:
My god, two computers, two installs. On the laptop, I had Sql 2005 express installed. So I uninstalled it. I uninstalled the mobile edition that was on there too. Then I found out that I needed to install IIS. Maybe I did, maybe not, but I installed. Then I had to run the install from the command line with an update parameter set because I still have other instances of SQL Server on the laptop. Finally, I got the tools to install. I think maybe I could have installed from the command line from the beginning and would not have had to go through all the trouble. I saw the management software. Now, since I'm on Vista, I then had to install service pack 2. It works now.

On my Desktop, I had already installed Sp2 when I realized I had an issue. So, I had to uninstall everything. It looks good now.

I've spent 3 hours with this. The install is very slow.
July 21, 2007 2:40 PM
Manny said:
already installed sp2 on standard and had sql express instance installed.
had to go to control panel and choose remove on SQL Server 2005. (was prepared to start again from scratch) Fortunately, there was an option to remove only workstation components. (the documentation was of a higher version number than what was on the DVD which was blocking the install) After that, using Koti's solution worked great!
July 27, 2007 11:12 AM
BIzz said:
File is called sqlRun_tools.msi on mine too the solution worked a treat, thanks Guys...
August 6, 2007 7:00 AM
vandba said:
Thanks for the solution! It works for me too.

Vandba
August 8, 2007 9:38 AM
KAULIK said:
Hi guys,
I am Having the same problem.
I have searched the whole PC & SQL Server 2005 DVD for the "SqlRun_Tools.msi" but couldn't find it.
please help me .
thanx


August 11, 2007 3:00 AM
The Chad said:
Manny's solution worked a charm......sound....
August 13, 2007 7:05 AM
veron said:
hey am havin da same problem ......plis help me
September 5, 2007 7:55 AM
jospeh said:
Neither of the above two solutions works for me,why?
September 15, 2007 10:51 AM
Ryan said:
Worked like a charm!!! Saved me so much time. Microsoft has officially become the bane of my existence this week. Also remember to rename the Tools directory to something like 'Tools_bak'.

Cheers!
September 28, 2007 11:10 AM
Eugene said:
Thanks a lot! it work!
October 2, 2007 1:29 PM
Eugene said:
Thanks a lot! it works!
October 2, 2007 1:29 PM
Mank said:
I had problems with it on Vista.

The solution was to remove SQl Express and then remove the Workstation Components from SQl Server 2005.
October 3, 2007 9:42 AM
Elmar said:
Thanks Koti, saved me a lot of time!
Just ran $\Tools\Setup\SqlRun_Tools.msi and got my Management Tools installed from there.
October 9, 2007 1:05 AM
Rohit said:
I also got the same problem of Management studio not getting installed
January 7, 2008 8:53 PM
Huxley said:
Thanks a lot guys, this worked for me. I used Manny's solution but when i was trying to open SqlRun_Tools.msi i got some errors. If you are facing this problem try this. After you have installed the sql server and downloaded the sp2. Go to programs in control panel, click remove Microsoft sql server 2005 and only choose the workstation components. After that start the sql install again and then only install the workstation components. this worked for me, hope this helps someone.
January 10, 2008 4:23 AM
Pooya said:
Thanks Huxley.
Huxley's solution works!
January 20, 2008 1:54 AM
om said:
omg so annoying,

I tried the sqlRun_tools.msi and it ran but I got some cryptic error message when trying to open management studio. I then read somewhere else that you have to re-apply SP2. So, I went to Microsoft updated and re-applied SP2 and it now works!!!

This was on the 64x version
January 29, 2008 12:45 PM
Nathan Heberley said:
Thanks guys,

The solution that worked for me was to
1. uninstall Express and the workstation components.
2. Then run SqlRun_Tools.exe
3. reinstall workstation components

My issue is that I had some third party software that was using express and now I have to install them again.


Thanks for your help guys
January 30, 2008 3:15 PM
Brent Welke said:
I too had problems not being able to install until I also installed "windows installer Cleanup Utility". Google it, install from Microsoft.

Like me you may find some extra installs of "SQL 2005 Express tools" installed on your machine that you are not seeing in the "Add Remove Programs". This utility will help you delete them so you can install then again.


January 31, 2008 4:41 PM
Fist said:
Ok neither of these stuff did not work and i wanted to keep SQL Express. Here is what you do:

1. Rename "Tools" directory
2. Go to Add/Remove Programs and click on "SQL Server 2005" - remove
3. Click on "Workstation Components" and remove them
4. When that is done click again on "SQL Server 2005" this time "Change"
5. At the top you will notice a blue link that gives you option to install additional stuff
6. Click that and it will prompt you for "Setup.exe" find it in second cd of SQL Server (tools cd)
7. Add all stuff
8. Install

All done :)

Hope it helped
February 3, 2008 8:40 AM
Gajendran said:
thanks a lot. its very useful to me
February 5, 2008 9:30 PM
Plavvy said:
i had the same problem using SBS2003. I ran the install from the command line with the switch -> SKUUPGRADE=1. This then allowed me to override the previous installation.
February 6, 2008 6:18 AM
dattard said:
The sqlrun_tools solution worked for me. Cheers.
March 4, 2008 12:11 AM
Chuck said:
Yet another satisfied customer. Thanks for the info.
March 6, 2008 5:26 AM
KayDsouza said:
Wow that was helpful! Worked like a charm.
March 6, 2008 10:03 PM

Wednesday, January 28, 2009

ASP .. CDO.Message .. Charset (or Encoding) utf-8 unicode

1.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>


2.
It's the 8bit transfer encoding on the html part which is causing the
problem. It should be quoted-printable like the plain text alternative
part. I've come across this before on Win 2003 machines where CDO chooses
8bit encoding despite it being an inappropriate encoding for sending via
SMTP.

Try adding this line before sending:-

..HTMLBodyPart.ContentTransferEncoding = "quoted-printable"


' ### sendMail to multiple people, separated by ; (semicolon, no space in between)
Function sendMail( sender, mailList, subject, strBody)
bodyformat = 0 ' 0:HTML, 1:text
mailformat = 0 ' 0:MIME, 1:text

set objmail = Server.CreateObject("CDO.Message")
objmail.From = sender
' objmail.TextBodyFormat = bodyformat
' objmail.MailFormat = mailformat
objmail.Subject = subject

'objmail.To = mailList
objmail.Bcc = mailList
'objmail.Cc = ""


objmail.HTMLBody = strBody
objMail.HTMLBodyPart.Charset = "utf-8"
objMail.HTMLBodyPart.ContentTransferEncoding = "quoted-printable"

'objmail.TextBody = strBody
'objMail.TextBodyPart.Charset = "utf-8"
'objMail.TextBodyPart.ContentTransferEncoding = "quoted-printable"

objmail.Send()

set objmail=Nothing
'Response.Write "Done! mail has been sent!" & strBody & "<br><br>" & mailList
'sendMailx = "done!"
End Function

The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server

SYMPTOMS
You explicitly configure the Send As right on a user object in the Active Directory Users and Computers snap-in in Microsoft Exchange Server. However, the Send As right is removed from the user object about one hour after you configure the Send As right.

Additionally, other changes that you made to the security descriptor on the user object may be removed. For example, the Allow inheritable permissions from parent to propagate to this object check box may no longer be selected.

If you have an environment that includes Microsoft Exchange Server 5.5 and a functioning Active Directory Connector (ADC), Exchange Server 5.5 mailboxes that are configured to use Active Directory user accounts that are members of protected groups may appear as "CUSTOM" in the Exchange Server 5.5 Administrator program.

CAUSE
The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object.

The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.

RESOLUTION
We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.

WORKAROUND
The following information can help you work around the problem in which Exchange Server 5.5 mailboxes appear as "CUSTOM" for the user in the Exchange Server 5.5 Administrator program. The workaround relies on the fact that the SELF access control entries (ACEs) should be present on the user object when the user object is replicated to Active Directory by the Active Directory Connector (ADC).

You can use the Dsacls.exe utility to add the entries that are being stripped off the user objects. To do this, change the AdminSDHolder permissions. Then, add the entries that you want. Because all the entries use the security principal SELF, this workaround should not introduce any security problems.

Note You must run the Dsacls.exe utility one time to add the one access control entry that is missing from the AdminSDHolder security descriptor. For example, if you want to add six different entries, you may run the Dsacls.exe utility six times.

The following workaround changes the AdminSDHolder object. Then, the AdminSDHolder object is propagated to each user account that is a member of a protected group. Follow these steps:
1. Install the Microsoft Windows 2000 Support Tools from the Windows 2000 CD. These tools include the Dsacls.exe utility. You can use the Dsacls.exe utility to view, modify, or remove ACEs on objects in Active Directory.
2. Create a batch file that contains the following code.

dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Send As"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Receive As"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Change Password"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Personal Information"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Phone and Mail Options"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Web Information"

Note Replace "dc=mydomain,dc=com" with the distinguished name of your domain.
3. Wait for an hour so that Active Directory has time to rewrite the security descriptor of all the user accounts that are members of any propagated groups.
4. After the ADC replicates the changes, all users appear as "user" instead of as "CUSTOM."

You might apply security update 916803, security update 912442, or the daylight saving time update for Exchange Server that is described in the following article in the Microsoft Knowledge Base:
926666 (http://support.microsoft.com/kb/926666/ ) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2
If you do this, you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, create a batch file that contains the following code:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Send As"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Receive As"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Change Password"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Personal Information"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Phone and Mail Options"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:RPWP;Web Information"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\BlackBerrySA:CA;Send As"


Note In this batch file, BlackBerrySA is a placeholder for the name of the BlackBerry Service account. If you have accounts in multiple domains, you can also specify the domain in the command line by using the following format: Domain\BlackberrySA.

Alternatively, we recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION
For more information about how to delegate "Send As" rights to a user account, click the following article number to view the article in the Microsoft Knowledge Base:
281208 (http://support.microsoft.com/kb/281208/ ) How to grant a user "Send As" rights in Exchange Server 5.5 and Exchange 2000
For more information about the AdminSDHolder object, click the following article numbers to view the articles in the Microsoft Knowledge Base:
232199 (http://support.microsoft.com/kb/232199/ ) Description and update of the Active Directory AdminSDHolder object
817433 (http://support.microsoft.com/kb/817433/ ) Delegated permissions are not available and inheritance is automatically disabled
The location of the AdminSDHolder object is as follows:
CN=AdminSDHolder,CN=System,DC=MyDomain,DC=Com
Note Replace DC=MyDomain,DC=Com in this path with the distinguished name of your domain.

The following list contains the protected groups in Windows 2000:
Enterprise Admins
Schema Admins
Domain Admins
Administrators
The following list contains the protected groups in Microsoft Windows Server 2003 and in Windows 2000 after you apply hotfix 327825 or after you install Windows 2000 Service Pack 4 (SP4):
Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers
Additionally, the following users are considered protected:
Administrator
Krbtgt
For more information about hotfix 327825, click the following article number to view the article in the Microsoft Knowledge Base:
327825 (http://support.microsoft.com/kb/327825/ ) New resolution for problems with Kerberos authentication when users belong to many groups

--------------------------------------------------------------------------------

APPLIES TO
Microsoft Exchange Server 5.5 Standard Edition
Microsoft Exchange 2000 Server Standard Edition
Microsoft Exchange 2000 Enterprise Server
Microsoft Exchange Server 2003 Standard Edition
Microsoft Exchange Server 2003 Enterprise Edition
Keywords: kbexchdirectory kbtshoot kbprb KB907434

Distribution Group Assigning "Send As" Permissions to a user

It was brought to my attention that following the steps listed in KB327000 (http://support.microsoft.com/?kbid=327000), which applies to Exchange 2000 and 2003, to assign a user "Send As" permission as another user did not appear to work. I too tried to follow the steps and found that they did not work. I know this feature works, so I went looking around for other documentation on this and found KB281208 (http://support.microsoft.com/?kbid=281208) which applies to Exchange 5.5 and 2000. Following the steps in KB281208 properly gave a user "Send As" permission as another user. But I found the steps listed in KB281208 were not complete either. The additional step that I performed was to remove all other permissions other than "Send As". Here are the modified steps for KB281208 that I performed (changes noted in blue):

1. Start Active Directory Users and Computers; click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

2. On the View menu, make sure that Advanced Features is selected.

3. Double-click the user that you want to grant send as rights for, and then click the Security tab.

4. Click Add, click the user that you want to give send as rights to, and then check send as under allow in the Permissions area.

4.5 Remove all other permissions granted by default so only the send as permission is granted.

5. Click OK to close the dialog box.

So after I verified that the steps for KB281208 worked, I was curious as to why the steps for KB327000 did not work. What I found was that Step #7 of KB327000 applied to the permission to "User Objects" instead of "This Object Only". Here are the modified steps for KB327000 that I performed:

1. On an Exchange computer, click Start, point to Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.

2. On the View menu, click to select Advanced Features.

3. Expand Users, right-click the MailboxOwner object where you want to grant the permission, and then click Properties.

4. Click the Security tab, and then click Advanced.

5. In the Access Control Settings for MailboxOwner dialog box, click Add.

6. In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant "Send as" permissions to, and then click OK.

7. In the Permission Entry for MailboxOwner dialog box, click This Object Only in the Apply onto list.

8. In the Permissions list, locate Send As, and then click to select the Allow check box.

9. Click OK three times to close the dialog boxes.

The KB articles were updated to include correct information. But, if you had problems with this in the past, this might be why!

- Chris Ahlers

Published Friday, January 07, 2005 9:52 AM by Exchange
Filed Under: Directory, Administration, All Posts
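
The two findings in the post above (step 4.5, and "User Objects" versus "This Object Only" in step 7) can both be read off the mailbox owner's security descriptor. The following Python is an added example, not part of the original post or of the KB articles: it parses an SDDL DACL and reports whether a delegate's Send As grant applies to the object itself, is inherit-only, or comes with extra explicit rights. The SDDL strings and the delegate SID are constructed samples; the two GUIDs are the well-known Send-As extended right and User class identifiers.

```python
import re

SEND_AS = "ab721a54-1e2f-11d0-9819-00aa0040529b"     # Send-As extended right
USER_CLASS = "bf967aba-0de6-11d0-a285-00aa003049e2"  # schemaIDGUID of the User class
CONTROL_ACCESS = 0x100                               # ADS_RIGHT_DS_CONTROL_ACCESS ("CR")

# Constructed delegate SID and security descriptors (assumptions for illustration).
DELEGATE = "S-1-5-21-1111111111-2222222222-3333333333-1105"
# "This Object Only": the ACE carries no inheritance flags.
SDDL_THIS_OBJECT = "O:DAG:DAD:AI(OA;;CR;%s;;%s)(A;ID;RPLCLORC;;;AU)" % (SEND_AS, DELEGATE)
# "User Objects": container-inherit + inherit-only, limited to descendant users.
SDDL_USER_OBJECTS = "O:DAG:DAD:AI(OA;CIIO;CR;%s;%s;%s)" % (SEND_AS, USER_CLASS, DELEGATE)
# Send As plus a default read/write-property grant that step 4.5 removes.
SDDL_EXTRA = "O:DAG:DAD:AI(OA;;CR;%s;;%s)(A;;RPWP;;;%s)" % (SEND_AS, DELEGATE, DELEGATE)


def parse_dacl(sddl):
    """Return the ACEs of the D: (DACL) section of an SDDL string as dicts."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        f = (body.split(";") + [""] * 6)[:6]
        aces.append({
            "type": f[0],                             # A / OA = allow, D / OD = deny
            "flags": set(re.findall("..", f[1])),     # CI, OI, IO, NP, ID ...
            "rights": f[2],
            "object": f[3].lower(),                   # extended right / property GUID
            "inherit_object": f[4].lower(),
            "trustee": f[5],
        })
    return aces


def has_control_access(rights):
    """True if the rights field includes control access (extended rights)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & CONTROL_ACCESS)
    tokens = re.findall("..", rights)
    return "CR" in tokens or "GA" in tokens


def grants_send_as(ace):
    """Allow ACE for Send-As itself, or for all extended rights (no GUID)."""
    return (ace["type"] in ("A", "OA")
            and has_control_access(ace["rights"])
            and ace["object"] in ("", SEND_AS))


def audit_send_as(sddl, delegate):
    """Summarise what the DACL gives `delegate` on this object."""
    report = {"effective": False, "inherit_only": False, "extra": []}
    for ace in parse_dacl(sddl):
        if ace["trustee"] != delegate:
            continue
        if grants_send_as(ace):
            if "IO" in ace["flags"]:
                # Inherit-only ACEs never apply to the object that holds them.
                report["inherit_only"] = True
            else:
                report["effective"] = True
        only_send_as = ace["type"] == "OA" and ace["object"] == SEND_AS
        if not only_send_as and "ID" not in ace["flags"]:
            # Explicit (not inherited) grant beyond Send As.
            report["extra"].append(ace["type"] + ";" + ace["rights"])
    return report


if __name__ == "__main__":
    for name, sddl in (("this object only", SDDL_THIS_OBJECT),
                       ("user objects", SDDL_USER_OBJECTS),
                       ("extra rights", SDDL_EXTRA)):
        print(name, audit_send_as(sddl, DELEGATE))
```

A result with `inherit_only` true and `effective` false is the situation the post describes for the original step 7: the ACE exists but never applies to the mailbox owner's own object.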

Of course, the key wording above is the line that reads You do not have permission to send to this recipient. Is it possible to speed up this permissions change process? Well, I haven’t been able to get someone from Microsoft to confirm this, but I believe it’s possible via the Mailbox Cache Age Limit registry key documented in KB article 327378. The KB article mentions changing the Mailbox Cache Age Limit registry key, which according to the article is used to re-read logon quota information. In my experience, modifying this key (or creating it if it doesn’t exist) with a suitable value, in minutes, speeds up the permissions change process. Note that you must restart the Information Store service after modifying this registry key. The general consensus of opinion here is not to make this value too low; a sensible value is 15 minutes. The alternative to creating or modifying this registry key is to simply re-start the Information Store service, which appears to make the permissions changes take effect immediately. Of course, restarting the Information Store service is rarely practical during business hours and you may also not prefer to go poking around in the registry, so you can also choose to wait for the permissions to be re-read at the next interval, which, as stated earlier, could be up to 2 hours.

Once the permissions have been granted and successfully taken effect, the assistant can send the message as normal. What does the recipient of the message actually see? Quite simply, the recipient will not be able to tell that it was the assistant who actually sent this message as it will appear just as if the manager had sent it. We’ll talk about another method, the Send on Behalf of method, a little later in this article.

http://www.msexchange.org/tutorials/Sending-As.html

Tuesday, January 27, 2009

Exchange system backup using Acronis True Image



--------------------------------------------------------------------------------

lzd212, 1st June 2007, 06:05
Hi, I plan to use Acronis True Image Enterprise Server to back up my Exchange (2003) system partition (online backup). I've explored the Acronis documentation and forum (maybe I missed it...) but only found documentation about the Exchange database backup issue, where we have to stop the Exchange services to be able to back up the data using their software.

Does imaging technology have any issues with Exchange system backup? Do I have to stop the Exchange services before the backup process in order to have the system work after it is restored in case of failure?

Please advise.

Regards,

Acung

--------------------------------------------------------------------------------

Sembee, 1st June 2007, 12:40
Image based backup for Exchange is a poor idea.

There are a number of reasons for that.

1. With some of the tools you have to stop Exchange.
There is no good time to stop Exchange as it is designed to run 24/7. During the night it is doing internal maintenance.

2. It isn't an Exchange aware backup.
Unless things have changed recently, it isn't an Exchange aware backup, so doesn't flush the transaction logs and mark the database as being backed up.

3. It is a snapshot, reducing your restore options.
If you take an image backup at 3am, then the next night your server fails at 2am and you restore your backup - what happens to everything that occurred in the previous 23 hours? For most companies the most valuable email is what has been received in the last 24/48 hours. You have just wiped all of that out.

Are you going to replay the transaction logs?

If you aren't doing an Exchange aware backup then your transaction logs will be building up. What I see happen most frequently with people who do not do Exchange aware backups is that they turn on circular logging. That deals with the transaction logs that they believe they don't need and saves the space.

With a good traditional backup and good quality hardware using RAID arrays etc, the value of an image based backup for Exchange is very small. While I can see the appeal, it isn't something I do as a rule for any of my clients.

Simon.

--------------------------------------------------------------------------------

lzd212, 5th June 2007, 07:47
I'm asking this question because I've read an article saying that using imaging software to back up Exchange is the quickest (not the best) way to restore the system in case of failure; of course, a data backup is included in the recovery procedure (http://www.lanarchitect.net/Articles/ExchangeRecovery/index.htm), so your concern about the newest data can be eliminated because it's already covered. Previously our users' data was stored in PST files, but a month ago we centralized the data on the server, and it became more important for us to be able to restore the system (and data) in case of failure. For data backup, we will purchase the ARCserve Agent for Exchange since we already have the main module, and the system backup is still under review. Could you please suggest the best DRP for Exchange based on your experience?

Thanks in advance.

Regards,

Acung

--------------------------------------------------------------------------------

Sembee, 6th June 2007, 02:28
Why do you think that newest data is covered with what you have outlined?
Exchange 2003 doesn't have any form of log shipping. Therefore to restore the database in the event of a failure you are reliant on the transaction logs.
If you restore an image you will wipe out those logs.

There is an element of the IT industry who think that imaging is the way to backup everything... the same elements also seem to think that virtual machines should be used for everything.
I don't subscribe to either for Exchange.

There is no one disaster recovery plan for everyone, as it very much depends on what you are planning for and how long you can afford to be down. The longer you can be down the cheaper it becomes.

At a minimum the server should be on multiple hardware arrays, with hot swap everything and backed up every night (full backup, not incremental or diffs) using an Exchange aware backup application.
The domain controller should also be backed up, particularly the system state.
A tape should be stored off site.
On some sites I have gone as far as having a copy of the installation media stored off site as well.

Simon.

--------------------------------------------------------------------------------

phershey, 6th June 2007, 18:45
You definitely do not have to stop Exchange to do the backup with Acronis, and the current version supports VSS. We do a full TrueImage backup of our Exchange 2003 server nightly with incremental images every 4 hours during the day. These images go to a separate system which is backed up to tape every night. If just the mail server fails during the day, we can restore from the previous night's image plus whatever incrementals we have locally on the storage appliance. We do this regularly for our disaster recovery drills off-site, restoring to different hardware (HPs here, Dell systems at the DR site) as we have their Universal Restore Option for all of our servers. Local recoveries to repaired equipment are a snap.

I have to say our semi-annual DR drills were never much of a success until we went with Acronis TrueImage. We'd tried Novaback, ArcServe and BackupExec (BE we still use for a couple of systems, including just the Exchange store as a secondary backup).

--------------------------------------------------------------------------------

lzd212, 13th June 2007, 05:33
Hi all, sorry for the late reply... very busy with an AV problem on our mail server (false positive issue) this week... even the vendor's technician has not been able to solve it yet...

Hi Phershey, thanks for sharing...
Could you please share your DRP for Exchange using ATI?
What I've planned is to use the method provided by George Ou and to have an additional data backup.

To Sembee:
Quote "Why do you think that newest data is covered with what you have outlined?"

I missed this part of the article; of course I will have a data backup using a third-party application (we just purchased CA BrightStor ARCserve) to cover that point.
What do you think about George's article if I have an additional backup for the data and have moved the transaction logs to another partition? Will it work?

Please advise.

Regards,

Acung

Acronis True Image Echo Now Provides Backup and Recovery for Every Major Virtualization Platform

BURLINGTON, MA -- 01/27/09 -- Acronis®, Inc. (http://www.acronis.com) announced today that its corporate Acronis True Image backup and disaster recovery software for servers and workstations now supports virtual machines and file formats from Citrix XenServer. Acronis True Image Echo enables IT managers to move, manage and maintain both physical and virtual servers using a single application. With this announcement, the software now supports every major virtualization platform, including VMware, Microsoft, Parallels and Citrix/Xen.

Among the other added features in this latest release are dual destination and integration with Acronis Recovery for Microsoft Exchange.

Dual destination -- Customers can back up a server image to two locations, including remote sites via local disk or network store, or the Acronis Secure Zone™.

Acronis Recovery for Microsoft Exchange Integration -- backup and recovery software specifically designed for Microsoft Exchange Server can now access Exchange-specific functions from within the Acronis True Image Echo Management Console.

"Virtualization will continue to grow in importance and gain wider use in 2009 as IT managers are already deploying multiple virtualization platforms and the different software required for each," said Jason Donahue, CEO of Acronis. "This latest update to Acronis True Image is agnostic toward virtualization technology and allows IT personnel to choose the platforms that make the most sense for their needs, and use Acronis across the board to keep all that data safe."

"Gartner research indicates that seventy percent of all organizations are deploying some level of server virtualization and all but a few firms are actively investigating it*," said Dave Russell, research vice president, Servers & Storage, Gartner. "It will be critical for IT managers to consider the management of virtualization, thus evaluating applications that are agnostic and offer flexibility to support their future planning and infrastructure needs."

About Acronis True Image Echo

Acronis True Image integrates seamlessly with all Windows- and Linux-based servers, regardless of whether those servers are physical or virtual.

Utilizing the Acronis Virtual Live Data Format to separate hard disk contents from the underlying file format and platform dependency, the software creates a transportable image, independent of the hardware platform that can be restored directly to and from any virtual or physical environment. This is accomplished in conjunction with Acronis Universal Restore, an add-on module to Acronis True Image Echo.

Other features include:


-- "Restore file and folders without full path" option
-- Command line tool for Acronis Backup Server to export information stored in Backup Server about backup file names, locations and computer to an XML file
-- "Run Acronis Recovery for MS Exchange Bare-metal Restore after data recovery" capability added
-- Discovery of computers in Group Server can now be restricted to user-defined network ranges


Pricing for the corporate Acronis True Image server family ranges from $499 for Acronis True Image Echo for Microsoft Small Business Server to $2,599 for Acronis True Image Virtual Edition. The updated version is currently being shipped.

About Acronis

Acronis, Inc. is the leading provider of storage management and disaster recovery software. Its patented disk imaging and management technology enables corporations and individuals to move, manage and maintain digital assets in physical and virtual environments. With Acronis' backup, recovery, server consolidation and virtualization migration software, users protect their digital information, maintain business continuity and reduce downtime in computing environments. Acronis software is sold in more than 180 countries and available in 13 languages. For additional information, please visit www.acronis.com or contact media@acronis.com.

Running Apache and IIS on the same machine, same port 80, different IPs

I use to work both in PHP and ASP and am not able to run ASP pages on Apache webserver. Can I install and run Apache + IIS on the same server/machine? If so what configuration and setting do I need?

Assuming that you want all servers to work on the standard port 80, you need a multihomed machine (i.e. multiple IP addresses) and if you are using IIS6, you need to configure it to listen only on some of these addresses.

J.D.


By default, IIS takes port 80 on every IP, even if you've only specified each of the websites to have a single IP. You'll need to do the following:

1) Get httpcfg.exe (it's on the Windows 2003 CD, or google it).
2) Type the following in a command prompt to stop all IIS services: net stop http /y
3) Type the following in a command prompt to stop the Apache service: net stop Apache2.2 (you can get the ServiceKeyName for a service by running this command: sc getkeyname "Apache2.2"; go to compmgmt.msc (Computer Management) to find the display name of a service)
4) Use httpcfg to configure IIS to only listen on the IP you want it to (type at a cmd prompt, in the directory httpcfg is in): httpcfg set iplisten -i 192.168.1.8
5) Restart IIS Services: net start w3svc
6) Restart Apache service: net start apache2.2

Should do the trick.

Edit: After step 4, run the following: httpcfg query iplisten

Make sure only the IP address you wanted listed shows up. If others still do, use httpcfg delete iplisten -i 192.168.1.x to delete the entry

I managed to get it working:

In this case the problem was that IIS 6.0 has a feature called Socket Pooling that claims all ports for all loaded IP addresses, even if not configured in IIS.

So, IIS was hogging port 80 on the IP address I'd designated as the Apache address and causing it to not run. I installed Windows 2003 and got IIS running. Then I turned off IIS and installed Apache, associating it with the IP and port that I wanted. Then I turned off the Apache service and restarted IIS.

Then, what I had to do was:

1- Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
2 - stop all IIS services: net stop http /y
3 - have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i 192.168.1.253
4 - make sure: httpcfg query iplisten (the ip's listed are the only ip addresses that IIS will be listening on and no other)
5- restart IIS Services: net start w3svc

Voila! Apache is listening on its default ports on 192.168.1.254 and IIS is listening on its default ports on 192.168.1.253.


Originally Posted by peppy
I know you can run them on a different port, but I want to run them both on port 80. Is this possible with two network cards?

thanks for your reply



You can disable socket pooling in IIS 5.0 to release the IP and port for Apache to use. Here is how to do it, from the Microsoft website:
1. Open a command prompt and make sure you are in the X:\Inetpub\Adminscripts folder (where X is the IIS installation drive). To do this, type the following lines at the command prompt:
X:
CD\Inetpub\Adminscripts
2. After you open the Adminscripts folder, type the following line at the command prompt: cscript adsutil.vbs set w3svc/disablesocketpooling true
3. The command replies as follows: disablesocketpooling : (BOOLEAN) True
4. Stop and start the IIS Admin service.
5. Restart the WWW service.

Good luck!
jscorpion
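
The posts above check the listen list with httpcfg query iplisten; the result can also be confirmed from the socket table. The following Python is an added example, not code from any of the posts: it reads `netstat -ano` output (a standard Windows command that the thread does not mention) and reports whether a wildcard listener still claims port 80 on every address and whether each designated IP has its own listener. The two netstat samples and the Apache PID are constructed; the IP addresses are the ones used in the thread.

```python
# Constructed `netstat -ano` samples. PID 4 is the System process, where the
# kernel HTTP listener used by IIS 6 shows up; 1832 stands in for Apache.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.253:80       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.254:80       0.0.0.0:0              LISTENING       1832
  TCP    192.168.1.253:1044     192.168.1.10:445       ESTABLISHED     4
"""

WILDCARDS = {"0.0.0.0", "[::]"}   # "all addresses" for IPv4 and IPv6


def listeners(netstat_text, port=80):
    """Map local IP -> owning PID for TCP sockets LISTENING on `port`."""
    found = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        # Data rows have exactly: proto, local, foreign, state, pid.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        ip, _, local_port = parts[1].rpartition(":")
        if local_port == str(port):
            found[ip] = int(parts[4])
    return found


def check_layout(netstat_text, expected_ips, port=80):
    """Return a list of problems; an empty list means the split is in place."""
    found = listeners(netstat_text, port)
    problems = []
    for ip in sorted(WILDCARDS & set(found)):
        problems.append("%s:%d is held by PID %d: one server is claiming "
                        "every address" % (ip, port, found[ip]))
    for ip in expected_ips:
        if ip not in found:
            problems.append("nothing is listening on %s:%d" % (ip, port))
    pids = [found[ip] for ip in expected_ips if ip in found]
    if len(set(pids)) < len(pids):
        problems.append("the same process holds more than one expected address")
    for ip in sorted(set(found) - set(expected_ips) - WILDCARDS):
        problems.append("unexpected listener on %s:%d" % (ip, port))
    return problems


if __name__ == "__main__":
    wanted = ["192.168.1.253", "192.168.1.254"]   # IIS and Apache in the thread
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_layout(text, wanted) or "OK")
```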

Sunday, January 25, 2009

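"Blandness" Is the Deepest Flavor in Life
Mar 24th, 2007 by mmdays
By Chiang Hsun (蔣勳) (excerpted from a lecture hosted by the CommonWealth Magazine (天下雜誌) Education Foundation; compiled by Hsu Li-chia (許立佳))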
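I used to discuss with fine-arts students where they would go after four years, what they would do, and what role they would play in this society.
Some students would say they want to be painters: if someone has money left after buying a house and a car and feels that a wall at home is too bare, they will buy a painting to hang there.
But is the painter really something that has to wait until society is fed and clothed and has some surplus, and only then gets to look after that blank wall and that painting?
What I want to talk about concerns not only fine-arts students: if a society has no beauty and does not value beauty, what problems will arise? If an individual's life has no awareness of beauty, what is it missing?
If a person's rational world and emotional world are out of balance, it will leave them unable to handle the emotional side when they grow up. I think beauty is one unit of being human that runs through every discipline, and feeling is a very important part of it.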
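The human sense of taste settled into place very early as part of the sense of survival: sour, sweet, spicy, bitter, salty. But gradually, over the whole course of human civilization, taste ceased to be merely taste.
When we say that someone always needles others and talks in a sour way, we are not talking about taste but about a state of mind: a little jealousy, a little of the discomfort of not getting what one wants. When we say that someone has a sweet mouth, we mean a sense of happiness; sweetness is a sense of happiness.
"Spicy" is a very strong stimulus in the mouth. When we call someone "fiery" (潑辣) or a "hot girl" (辣妹), we are turning "spicy" into a state of spirit and culture that appeals to the most primitive animal senses. It is not raised by reason or refined by culture; it is thrilling, it is "feel good first and think later", it stimulates the senses in the moment, and it has little to do with recollection.
As for "salty": in the Bible we read Jesus preaching that if salt loses its saltiness, should it still be called salt? Every year Taiwan holds the Salt Zone literary camp. Why go to the salt zone? Because the coast at Budai was where salt was dried in the early days, and they hope these writers can turn the salt zone's memories of toil and sweat into a literary spirit.
"Bitter" is the taste that gets rejected; joined to life, it eventually becomes one of life's memories. From not liking bitter melon to liking it, from not knowing that my parents would leave me to both of them having left me: the flavor of life is very different.
We do not know what kind of life we will need, perhaps one day at our mother's deathbed, to bear that unbearable moment. If we are not prepared, if we have stored nothing up, how do we get through it?
What has gone before helps a person through these ordeals. When a loved one's body is suffering and you can do nothing to help, perhaps all the memories of taste will come out. It is a process of storing up; because you have stored something up, you are not defeated, not panicked, not crying out to heaven, not wailing and stamping your feet, not collapsing, because life has come through this moment for thousands, tens of thousands of years, and it has become a cultural strength.
At that point taste carries many sighs, and every taste comes to hold many memories.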
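<Sweet is too simple; only the returning sweetness has flavor>
As a child I would not eat bitter melon at all. I do not know why, at this age, I like it more and more, and the Hakka pickled kind at that, with its stink, mixed with small fish and fermented black beans.
I suddenly realized that I no longer like sweet things. For me, sweet is too simple.
There is another taste called "huigan" (回甘, returning sweetness). We use the word when we say a tea is really good. It means that at first it is a little astringent, a little bitter, but slowly a faint sweetness rises in the mouth.
Only after passing through these astringent tastes does life have what we call sweetness, and that sweetness is not the sweetness of sugar. It is not a simple sweet taste but the many complex changes of life experience.
Once I went to Shaoxing and a friend invited me to dinner. He said, "If you haven't heard of the 'three moldy, three stinky' (三霉三臭), you don't deserve to come to Shaoxing." That is harsh: a guest comes to visit and still has to pass the three moldy and three stinky. It is that moldy dried pickled vegetable, and it really stinks; the smell makes you want to vomit.
In Shaoxing they got us thoroughly drunk, and after eating the three moldy and three stinky I walked the streets alone at night. I passed the Lu Xun memorial, the Cai Yuanpei memorial, the Qiu Jin memorial, and the square where she was beheaded. I do not know how many memories of modern history this small town holds; it was as if the memory of people being repressed and going moldy finally came out in taste.
After passing through mold and stink, one still has to exist, to live, to have the strength to survive. When we reread a book like The True Story of Ah Q now, we feel that life really had gone moldy. Yet in such an environment we still have to exist, still have to live, and must find our own way through that stink and that rot to grow anew.
Perhaps because we grew up in such happy, comfortable surroundings, we feel a lot of sweetness and cannot really sense bitterness and stink. In Taiwan, because conditions are good, a great deal of bitterness and stink has been toned down.
A French friend told me that in old cultures the most refined tasting is the tasting of stink. We find that bitterness and stink alike are the humbleness in life, the sorrow in life, the memory of pain in life.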
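<Su Dongpo's life, from sweet to returning sweetness>
At his lowest point, Su Dongpo stood on the riverbank and wrote "The great river flows east, its waves washing away" (大江東去,浪淘盡), producing his finest lines. When the emperor favored him, his calligraphy was beautiful, neat, ornate, and pleased with itself. He was a man of talent, and men of talent are always pleased with themselves. But he never considered that he had hurt many people. When he was riding high, many people hated him bitterly; they lacked his talent, so of course they hated him. Yet the calligraphy he wrote in his fall, so clumsy, so awkward, leaning every which way without a care, became a masterpiece of Chinese calligraphy.
Now the bitterness emerged. He began to know the bitterness of life: it is not the way you got carried away with success when young, but writing the most beautiful lines by the river when you are so humbled that none of your friends dares to see you.
He had been a Hanlin Academician, but because of politics his friends kept well away. His friend Ma Mengde, unafraid of being implicated politically, interceded to have a plot east of the local army camp allotted to Su Shi and his wife, and so Su Shi took the name Su Dongpo (East Slope).
Su Dongpo began farming and writing poetry there. It suddenly struck him: why must I fight over these things in politics? Why not establish in history a life and feeling that is open and upright?
So that is when he wrote his best poems. Once he had rice to eat, he even said to his wife, let me brew a little wine, all right? He still wanted to drink! "Drinking at night on the East Slope, sobering and getting drunk again" (夜飲東坡醒復醉) says that he drank at night on that slope, sobered up and got drunk, again and again; "returning, it seems to be the third watch" (歸來彷彿三更) says that it was already very late when he came back. "The houseboy's snores are already like thunder" (家童鼻息已雷鳴) says that there was a local boy who helped him keep house, but he had fallen asleep and was snoring. "No answer at all to my knocking" (敲門都不應) means that Su Dongpo knocked and nobody answered. From his earlier poems we can see that no answer at the door would have made him lose his temper, but now he let it go and walked off to listen to the river: "leaning on my staff I listen to the river" (倚仗聽江聲).
After Su Shi became Su Dongpo, he felt that even ugliness could be beauty. He began to appreciate different things. Around then he went to the night market in Huangzhou for a drink and ran into a burly man covered in tattoos, who knocked him to the ground and said, "Who do you think you are, daring to bump into me! Don't you know how I get on around here?" He did not know this was Su Dongpo. Su Dongpo, lying on the ground, suddenly burst out laughing, and went home and wrote a letter to Ma Mengde saying: "I am pleased that I am gradually becoming unknown to people" (自喜漸不為人知). I think this is a remarkable passage in a life. Why had he been so easily carried away before? He was a man of talent, the whole world had to know him, and he often gave people no kind looks; but after his fall, his life began to have another kind of tolerance, another kind of strength.
So I think that after sour, sweet, bitter, spicy, and salty had all mingled, the taste Su Dongpo finally arrived at was "bland" (淡). Only when you have been through all the tastes do you know how wonderful blandness is; only then do you know that a bowl of plain rice porridge or a piece of tofu seems to have no flavor, yet this is the deepest taste in life.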
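<The coolness of a life "without purpose">
You will find that when he was an official he never felt a gentle breeze arrive; but we see in his poems that he felt the breeze because he was no longer an official.
I think what Su Dongpo should be thankful for is that he kept being banished, and each banishment made him a little better. Because his whole life had been bound by practical purposes, it was only in banishment that he could return to himself and write such beautiful lines.
He could sense that all that historical striving for fame and profit ends as emptiness. He could write "Sentimental as I am, people should laugh at me for my early gray hair" (多情應笑我,早生華髮) because he had returned to himself.
I believe beauty is a cycle of the self. In the end, whether you are rich or poor, there can be beauty only if there is a self; if that self lives for others, nothing will actually feel beautiful. So this "blandness" is something whose worth you know only after going through sour, sweet, bitter, spicy, and salty. That is why he wrote a famous line: "Looking back at the bleak place I came from, there is neither wind and rain nor clear sky" (回首向來蕭瑟處,也無風雨也無晴). I look back on the life I have walked, my heart is calm, and it no longer matters.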
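<The "all-you-can-eat" culture is a sign of something missing>
If a society cannot form a sense of taste, people will mock it as "rich and crude". That is, it lacks the ability to spend money in the right places, and the whole person's character will not be respected or esteemed.
In the 1970s we saw Taiwan's economy take off, and we are very proud of that. But when we look at how Europeans live, we sometimes feel ashamed, because we do not know how to establish what might be called "what I want".
In the 1990s a French friend of mine came to Taiwan when "all-you-can-eat" restaurants were all the rage. He asked me what "all-you-can-eat" meant. Was there some great value in "all-you-can-eat"? I explained that in our past we had "gone hungry" and did not really feel secure about food, so you have to "forgive" it.
When people have too few choices for a while, there will be a period when they need to compensate, but that is not Taiwan's situation now. So here we have to say that all-you-can-eat is an approach without selectivity; it encourages ever more quantity, but in the end you feel unwell. Why treat your own body this way?
We apply all-you-can-eat to the spirit as well, as in the all-you-can-eat culture on television: much of what the media give viewers and listeners seems meant to stuff them full, with no selectivity, no rise in quality, just cramming in large quantities. Is education like that? What worries me is: if it is, what then? When a life grows up, how will it choose what it wants in its role?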
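<With only right and wrong, life cannot be rich>
What is the difference between "drinking" and "savoring" (品)? Drinking is a purely organic response; savoring is a response of the spirit. When we speak of savoring food or tasting wine, "savoring" has necessarily left pure stimulation of the organs behind and become a kind of recollection of the spirit.
Life passes in a rush; without the process, the quickest life is simply from birth to death and done.
Can we slow down to appreciate nature's rich colors? The colors I mean are not the colors of painting but the colors on a leaf; it is never just one green. The green on a single leaf varies astonishingly, because as sunlight falls on it, the thick parts, the thin parts, and the translucent parts are so rich.
The ancient Greeks' and Babylonians' study of the constellations and the ancient Chinese study of Ziwei (紫微) were far more splendid than ours today. Because they were very quiet, they made extremely fine records and judgments of the movement of the constellations by sight, an ability we are losing more and more. Once it is lost, all knowledge comes only from the true/false and multiple-choice questions of exams; that is a process of simplification, and life cannot be rich.
How long has it been since you took off your shoes and socks and felt sand with your feet? I believe that is beauty. Find the part of you that has not grown old, in memory: childhood on the beach at Tongxiao, the beach at Jinshan, the beach at Kenting. The soles of your feet once touched sand so moist and so soft. Get that back.
When I gave a talk at the Presidential Office, I told A-bian, "A-bian, it's time you took a vacation. You should take off your shoes and feel the beach."
When I came back to the country in the 1970s, neither the ban on political parties nor the ban on newspapers had been lifted in Taiwan; it was the martial-law period. We have watched society move toward democracy and openness.
Later I saw economic prosperity and political democracy and openness, but if a person does not become himself, the first two are wasted.
It has to come down to recovering one's own self-confidence, not one's ranking in society or any role one plays; one has to feel that this role is my own choice, something I myself want to do. So I will enjoy my trade, my profession, and enjoyment is a kind of beauty!
In Hualien I saw a man selling tshik-á noodles (切仔麵), happy as could be. He told me these noodles were special: I dip them in the water a few times, lift them out, dip them again, and they are very springy ("Q"). I felt he was so different from another noodle seller; he was so happy. He felt that his trade held something to be proud of besides making money, because he had a sense of achievement. But how many trades today have a sense of achievement?
If we always look at how a life is planned and arranged through rankings and utilitarian methods, it is hard to recover this true self. And this self is definitely what I myself want to do, and I am happy when I do it.
I often speak of a store of beauty; beauty needs to be stored up. It is like having an ATM card today: you can withdraw money because you have deposited money; if you have never deposited any, you cannot withdraw any.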
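<Beauty needs to be stored up continually throughout life>
Our pain is that at a certain age, in a certain profession, you discover that your feelings are gone, because you never stored any up. The sad thing is that if a society goes a long time without storing up beauty, then one day when you want to make a withdrawal it will be very hard.
When I was small, my sister and I went to the fields to scoop up duckweed to feed the ducks. I remember scooping all the duckweed out of the field and going home to feed the ducks, and the next day the pond was full of duckweed again. I had never imagined that such tiny specks of life could have such strong vitality. When I grew up and read Su Dongpo's "a pond of shattered duckweed" (一池萍碎), I could draw on that childhood memory.
How to put this into the school system, I cannot imagine; I can hardly open a class to take children out to scoop duckweed. The question is, how much nature is left in the surroundings of our lives?
In this society there are too many rankings, and we lose ourselves; we must let nature awaken and liberate us. So I think the philosophy of Laozi and Zhuangzi exactly complements Confucian philosophy, because Confucianism always wants you to be "ruler as ruler, minister as minister, father as father, son as son" (君君、臣臣、父父、子子).
But Zhuangzi says the individual must go out and converse with heaven and earth, to release the spirit. One must face nature alone, which becomes a search for the place of one's own life, and only then is there balance. I am not denying that the rankings I just mentioned are social order; it is that we are too lacking in the other side. If the self is not fulfilled, everyone will feel hard done by, having to do this thing for others, and in the end there will be complaint rather than saying willingly: I do this because I chose it myself.
This is what is meant by "beauty is purposeless pleasure". It has no worldly utility whatsoever; it is simply the process of a life opening up.
A whole person who lacks this part can be said to have another kind of disability, one of the mind. One day, facing a world very rich in feeling, he cannot feel it; his state of mind will be arid, and he cannot break through. One day he marries, and the feelings between him and his wife are not matters of right and wrong; between right and wrong there are many more shades, but he cannot distinguish these fine shades, and he becomes extremely unhappy.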
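<Can an exam "test" a person's worth?>
A good writer said that there are moments in life when even Schubert has nothing to say, and those are the most important moments of our lives.
When we face the moment of a parent's death, we do not know how we get through it. We cannot write poetry, and no music can console us, but it must be the most important moment of my life. At such a moment you hold his hand, hoping to warm his cold hand with the warmth of your fingers, to give him all of it. I believe that is an important part of a person's path toward completeness.
It is like during SARS, when medical students refused to go to the wards. At that moment, was medicine for them a matter of utility, lacking another, "human" motive? I do not know. But we cannot blame these young people, because they are so young, and their reaction is society's most direct reaction.
So what we must ask is: what has gone wrong with society that leads young people, who of all people should have dreams and passion, to make such a decision? What is this society missing? I am afraid this is what we have to ask: has he lost all feeling for life? How should he bear the weight of his life, and take up the best relationship between himself and life? This is what I care about.
Yet to this day our exams still cannot test this part. Beauty and religion are both faith; without this faith, all knowledge becomes a burden. With faith, all learning and knowledge come back and become wisdom, so beauty is a key to turning knowledge into wisdom.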

How Much of Yourself Is Actually Left?
Oct 21st, 2008 by Mr. Monday
Posted by Mr. Monday

(Image source: Savage Chickens)
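As we grow older, we begin to step into society; the innocent smile of those days gradually fades; the pressure of busy work comes one wave after another, challenges start to become torment, and ideals gradually turn to ash. In the end, how much of yourself is left?
I think the words above will strike a chord with many office workers. Sometimes we have to admit that this world is cruel. In school, however poor your result, if you did your best your teachers and classmates would not be too hard on you; but once you enter society the greenhouse is lifted off, and the world turns out not to be as lovely as a fairy tale. You discover that this is, after all, a results-oriented world: how much effort you put in is not the point; the point is the goal you achieved. The moment you step into the jungle, you understand that there is a gap between the social values you understood and the actual ones, and that the proper rules you are familiar with do not seem to work so well. You gradually become confused. You want to hold to your principles, but like drifting duckweed your actions seem to be out of your hands. You discover that the knowledge taught in class is only a tiny fraction. In class you never learn how to deal with your manager, nor how to deal with your colleagues, and certainly not how to deal with your customers. You may discover that being professional does not merely mean that your technical skill is superb; it means being able to get things done efficiently. So the point seems to be "done".
You start getting busy, chasing one deadline after another. You feel enormous pressure, because your boss always wants to see results tomorrow; you feel utterly exhausted, because you have worked overtime three weeks running; you feel utterly frustrated, because however hard you try, your customer just cannot be satisfied. When you occasionally stop and want to ask yourself what it is you actually want, you find you have already fallen into a vast sea, and the deadline in front of you seems to have become your only piece of driftwood. You have thought that perhaps you could change course; but reality always pushes you back into the lane you "should" be in. Or perhaps the real reason is that you are not clear about the direction you want to sail. You begin to ask yourself: how much of myself is actually left?
In "What I Understand Is Never Its True Meaning" I once wrote that "the so-called world is the whole of our cognition; therefore, change the angle and the world changes too". Changing the angle will not reduce your workload, nor will it immediately raise your professional ability, but it can greatly improve your attitude and reduce your stress. You will find that project after project hones your expertise; every setback is valuable experience; you discover that opportunities to learn are all around you. But how do we shift our point of view to this angle? I believe you should pursue what you love; when you are pursuing what you love, you will feel that time stands still. Sometimes, though, there is a gap between dreams and reality; you lack firm resolve to pursue your dream, or your dream is even vague, like standing at a crossroads with no signpost. If that is the case, perhaps you can settle for second best and first try treating what you are good at (which may be exactly what you are doing right now) as the goal you love. When you start doing so, you will find that you are proactive. Of course, I do not want this to be another kind of self-numbing; perhaps you will truly fall in love with the work you do.
I believe life is a kind of cultivation, a kind of learning. We try to sort out and understand the causes and effects in it, and we understand them so as not to lose ourselves. Things always have imperfections, yet we try to understand these imperfections; perhaps imperfection is only a perception of values, and the true essence is always hidden behind a veil. Setbacks in life are inevitable. Dust off your trousers and stand up again; tomorrow's sun will still rise, and all that happened yesterday will become your foundation from now on. You have lost nothing: your limbs are still sound, time keeps flowing, the world is so beautiful, life is so precious. So take the helm and make it a splendid voyage!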
To My Beloved.

What I Understand Is Never Its True Meaning
May 24th, 2008 by Mr. Monday
Posted by Mr. Monday
(Image source: Savage Chickens)
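I have not written this kind of article for a long time. I want to write one because a good friend recently played a joke on me: after reading my recommendation he bought a Donald Norman book, but he thinks the concepts described in Donald Norman's <設計&日常生活> (the Chinese edition of The Design of Everyday Things) are all very ordinary (trivial). Because he is a very good friend I know he was teasing me, but it sent me into some memories and thoughts. I thought about this title for a long time, and in the end I felt that perhaps "What I understand is never its true meaning" is exactly the idea the whole article wants to convey. Here I share my thoughts with readers, and let myself review my own thinking once more.
Limited cognition
Humans are animals that love to explain the world, but we habitually use the thinking we have "already learned" to explain what we see. This kind of problem has already been explored in psychology; the trait can be called cognitive narrowing or tunnel vision. Donald Norman has this passage in <心科技> (literally "Mind Technology"): "People tend to focus on the more definite hypothesis, and once focused on a hypothesis, they do not easily change position even when faced with contradictory evidence."
At first glance this seems reasonable enough, yet one also feels that it surely would not happen to oneself. Because we have already "understood" the problem, we ought not to make such a foolish mistake. But just as Donald Norman says in another book, everything seems obvious in hindsight, yet at the moment of decision things are never as clear and plain as you imagine.
It is precisely because we humans habitually use the framework of what we already know to explain the problems we meet that we make wrong decisions at many decision points. You might say that is because information was insufficient, or that various external factors were involved, and that it is not entirely a matter of limited cognition. That is true, but as I said above, many cases are misreadings of the data, and it is the decision-maker who does the reading, and the data being read seem so clear and easy to understand afterwards. So it is the reader who interpreted the data using his own framework of knowledge. Donald Norman has this passage in <心科技>: "A misdiagnosis always seems to offer an explanation for what is being experienced; should something new come in, it too is explained within the frame of the original diagnosis, and contradictory information is discarded."
Let us take a few examples to explain what this is about.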
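Where decisions go wrong
(Image source: CrunchGear)
Donald Norman gives the story of an aircraft landing accident. In the safety report this captain eventually submitted to NASA, his mental process during the decision can be clearly seen:
I saw the airport, and I also saw the visual approach slope indicator lights for runway 35... Because the lights did not seem bright, it was hard to line them up. But because I had landed on this runway three times before, I was confident this was the runway. Soon I noticed that the runway edge lights had disappeared and the centerline lights were green. Although nothing was quite right, I still believed this was the right runway, because the maintenance people at the airport tower were always talking about problems with the lights. However, it did not occur to me to check the directional gyro. Until the nose wheel came down and I saw the yellow centerline, I was still telling myself this was runway 35... In fact, I landed on the taxiway. ...I believe the main causes of this incident were the stress of flying without radar through a thunderstorm, and my frame of mind... Although the evidence was ample (no runway lights, no visual approach slope indicator lights, and green centerline lights), I still refused to admit it was not runway 35.
In this confession we can see how the pilot used his existing framework of knowledge to explain what he encountered; the data were right in front of him, but his experience led him to misread them. So once we have built a frame for ourselves, we settle into it until things have really gone wrong.
Others' examples may not be objective enough, so let me give my own. I like hiking small hills, so on holidays I get a few friends to go hiking in the countryside. Though it is hiking, I always like to pick trails I have not walked, so that each hike feels fresh. Since I do not know the trails, I always print some hiking guides to carry, but each time I still take a wrong fork or two. A few weeks ago my friends and I went to hike the Zhinan Tea Road hiking trail (指南茶路親山步道). As we climbed we passed the Maokong Gondola station and thought we would buy drinks at the snack stall in front of the station to rehydrate, but the stall owner did not sell drinks. He told us that Sanxuan Temple (三玄宮) sold drinks, pointed in the direction of Sanxuan Temple, and kindly told us that the stinky tofu there was very good.
So, within my own mental framework: I had a map, and on the map Sanxuan Temple seemed to be some way further on; the direction the proprietress pointed was a trail fork we had just passed, and the sign at the fork did indeed show a hiking trail. So, by my mental framework, I concluded that Sanxuan Temple was a stretch further up, and we followed the trail uphill for half an hour. On the way we noticed that there seemed to be no hiking-trail signs by the path; but since I had already hiked many such trails, I figured many trails are not so clearly marked. Then the trail got a bit challenging, that is, there was a lot of natural rock, but I recalled that on the Guandu hiking trail we had even had to pull on ropes, so I assumed this was the same. Finally we reached the summit and only then confirmed that we really had climbed the wrong hill. In fact Sanxuan Temple was visible just around the corner a few steps on from the proprietress's stall, but because it was around the corner I did not see it, and I interpreted her gesture as meaning to keep climbing a short way.
Yet all along the hike every piece of evidence was so obvious, but I explained all the data with my own mental frame. Data are neutral; it is we who read them. I used what I understood to explain what I did not understand, because I had never truly understood those things until I actually came into contact with them.
So if you think that misjudging things because of limited cognition only happens to other people, perhaps you can start paying attention each day to the decisions you make and how you read each piece of data. I have also seen big bosses misjudge a situation because of their history of social experience. Every social experience we go through adds to our knowledge of the world and perhaps increases our "wisdom", but perhaps it also adds one more rigid frame. The so-called world is the whole of our cognition; therefore, change the angle and the world changes too.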
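We never know what we have really invented
(Image source: Savage Chickens)
Technology advances, and our understanding of the whole world keeps changing. Yet we very easily suppose that we have "understood" what it is all about, that is, that we know the things we develop thoroughly. The fact is that we never truly and completely understand a thing; when times change and we are forced to explain it from another angle, we get to know it anew, but we still have never truly understood it.
Roentgen Ray invented X-rays, so doctors and scientists could easily see through the human body, and it became a convenient tool for research and observation; only years later, after someone finally suffered bodily harm from prolonged radiation, did people come to understand X-rays from another side. Until Marshall and Warren discovered that Helicobacter pylori causes gastric and duodenal ulcers, the whole medical community believed that no bacteria could survive in an environment as harsh as stomach acid. Until Newton told us that applied force is proportional to acceleration, humanity had all along accepted Aristotle's folk physics: force is proportional to velocity. Only after Nobel invented gunpowder did he learn that its power fed humanity's baser nature; many lives were lost after this invention and many lives were saved by it, and to this day we still have not understood this technology. Tim Berners-Lee invented the Internet; the Internet reached an unprecedented peak in 2000, then the bubble burst, and we thought we understood this technology: just an overhyped technology. Yet as time has passed, applications of the Internet have exceeded what we could imagine; now we have Web 2.0, but we still have never truly understood what it can ultimately bring us.
Because our cognition is limited, when we sketch the blueprint of the future we always use the present state and present knowledge to imagine the state the future world or technology ought to reach. And because human cognition is limited, when we look at the trend on a chart we always use short-term data to estimate the long-term trend; because our lives are brief, when we see temperatures rise continuously we readily predict global warming. We are used to explaining the world we perceive from the angle we are able to recognize.
So when we meet something unknown, we first look inward (to what we already know) for elements from which to piece together an explanation; if it can be explained, we take it that we have understood what it is about. Only when, as time changes, the account can no longer hold together do we force ourselves to look at the world from another angle and then seek knowledge outside our own range to understand the world. Then this unknown knowledge becomes known knowledge; we internalize it and regard it as one more thing taken for granted. We have widened our range of cognition and, at the same time, added one more fence around ourselves.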
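Taken for granted?
(Image source: Savage Chickens)
I have always felt that taking things for granted is a frightening way of thinking. If we readily regard something as a matter of course, we lose the ability to reflect and to reason critically, and we pace about in a dead end of our own making. I read Wen Yidao's (聞亦道) column in this issue of <商業周刊> (Business Weekly), in which he says that until 1967 United States law prohibited marriage between different races. The judge at the time reasoned as follows: "The reason blacks and whites may not intermarry is that if God had originally intended the black and white races to mix, he would not have placed them on different continents." You suppose this strange idea surely no longer exists; you are wrong again, because it was not until 2000 that Alabama formally repealed its law on interracial marriage (Miscegenation Law).
I also recall the management books I studied in university. Back then we took what those books said as a matter of course; nothing seemed especially hard to understand. Compared with algorithms, which are hard to reason about, these subjects seemed to have no challenge and no fun, because we thought the management knowledge in them was obvious (trivial). This reminds me of a talk I heard: Professor Jau Huang (黃肇雄), chairman of CyberLink (訊連科技), once said in a lecture that he too used to look down on management books and thought they were all platitudes, until after starting his company he went back to those books and found that he had made every mistake they described.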
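Seeing mountains as mountains, waters as waters
This is a passage from Zen, from the <Recorded Sayings of Chan Master Qingyuan Weixin> (青原惟信禪師語錄): "Thirty years ago, when this old monk first came to practice Chan, I saw mountains as mountains and waters as waters. Later, when I had met a teacher in person and found an entry point, I saw that mountains are not mountains and waters are not waters. Now that I have found a place of rest, I again see mountains simply as mountains and waters simply as waters." When we first read a book, we think we understand the state the author describes and the knowledge he expresses; that is only "seeing mountains as mountains". When we actually carry it out, we find subtle differences, even situations not described, so we think "mountains are not mountains". After we have been through it all, there is much inner knowledge we cannot put into words, but we know that it is a mountain. Someone who has never really climbed that mountain will not know the subtle change in the surrounding air pressure as one gains height, the flowers and grasses beside the trail, the distant scenery, how the draining of one's strength affects the mind..., and these cannot all be described one by one; but the "mountain" spoken of by someone who has truly climbed it and the "mountain" spoken of by someone who never has are very different in meaning.
This reminds me how some classic books yield different thoughts depending on when one reads them. In high school, for odd reasons, I read The Art of War (孫子兵法) through once; following the annotations I got through the text and thought I understood what Sunzi was saying. In university, because I was taking the reserve-officer exam, I read The Art of War again; this time the same words gave me different thoughts, and I found there were places I really had not understood. Later I realized I had never truly understood it, because if I had, it would be part of me and I could use it at will. A classic, like The Art of War, is read again and again as we age, and at different points in time we get different "answers". And such a classic, with its classic text, makes me suspect that Sunzi, who wrote the book, did not in fact fully understand it either. What is alive is not the book but us; precisely because of the vagueness the words allow, the range of possible interpretation widens; precisely because our understanding of the world, society, and life has changed, we think we hear overtones when we read.
What I understand is never its true meaning
What is the world? What is life? There is a gap between the world as we know it and the real world; there is a gap between life as we conceive it and its true nature. This is because our cognition as human beings is limited: we understand the world through our limited senses, like peering at the sky through a tube. Our lives are limited, so when we use our own history to explain the future, we take that to be the trend, yet in the course of the universe the point in time at which we live and the space through which we move are insignificant.
We tend to believe what we are able to accept; that is our human nature. Yet being born human and able to grasp this means we have an extraordinary capacity for reflection. Although our cognition is limited and our lives are limited, as long as we keep an open mind and keep learning humbly, we will slowly approach the true meaning of things. Perhaps when you truly come to understand, it will also be a case of "In this there is true meaning; I want to explain it but have already forgotten the words" (此中有真意,欲辯已忘言). Let us encourage one another.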

Don't Forget the Other Two-Thirds of Life's Scenery
Sep 2nd, 2007 by mmdays
Posted by Mr. Monday
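I recently received a forwarded article and was quite moved after reading it, so I am sharing it here. Often, without noticing, our steps fall into disorder because of the pace of those beside us. Are you walking to your own pace, or to someone else's? Adjust your steps, adjust your breathing, and from today be yourself :)
===========================================
By Kuo Yi-ling (郭奕伶) (商業週刊 [Business Weekly] 748)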
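Citibank, the largest foreign bank in Taiwan, is a financial arena full of hidden talent. Citibank people mostly look polished and brimming with confidence, but they face fiercer competition and pressure than others; to outdo the "number ones" around them, they must work harder and even sacrifice their own lives. However, Huang Yi (黃毅), born in ROC year 53 (1964), a vice president in Citibank's financial institutions division, has a work philosophy unlike the rest. In thirteen years at Citibank, Huang Yi has never worked overtime; he has only one record of working on a weekend, has no more than two days of business entertaining a week, and at home never talks or thinks about work. Such a person can still carry heavy responsibility at Citibank. Five years ago Huang Yi took this position, leading a team of nearly twenty to win business with institutional clients such as peer banks, insurers, securities firms, investment trusts, and even the central bank. In five years, the revenue this department contributes to the bank has more than doubled. Last year these twenty people generated 1.3 billion yuan in revenue, and brought the international technology companies' concept of contract outsourcing into the domestic banking market, promoting banks' outsourcing of the non-core-competence parts of their core business to Citibank.
Scoring a hundred at work is not hard for Huang Yi. From class monitor at Minsheng Elementary School and model student at Jieshou Junior High, through Jianguo High School (建中), to the Department of Civil Engineering at National Taiwan University and graduation from NTU's Graduate Institute of Business, Huang Yi is what is generally defined as a bright kid, and he seems to handle work with ease. But that, beyond a hundred at work, his life can also score a hundred is what makes people curious. The way Huang Yi fully preserves his own living space is not necessarily through any remarkable hobby or entertainment, but "work takes up only one-third of life" is a principle he insists on. So a fixed travel plan of at least two weeks every year, a regular visit to bookstores and record shops every weekend, a walk with his wife every morning to have a coffee and eat breakfast, and entertainment such as concerts are all activities that enrich his life.
He expects himself to do one very meaningful thing every year, something that "at sixty will make me smile for ten seconds when I recall it". There is another thing that shows the care he puts into his life. In ROC year 83 (1994) Huang Yi was already a manager at Citibank. In many people's minds a bank manager should be by-the-book, rigorous, and self-disciplined, yet Huang Yi signed up for the western adventure event held by Marlboro (萬寶路 cigarettes). Many in Taiwan applied at the time; after a written test, an interview, and a fitness test, Huang Yi came eleventh, the first alternate. Luckily, one of those selected could not go for some reason, so he was able to take part in the ten-day event. Among his companions, Huang Yi's status as a banker stood out. The group set off in force for the American West, and from north to south spent ten days learning to ride horses and drive cattle like western cowboys, driving jeeps, rafting, riding off-road vehicles, and so on; Taiwanese media such as the <Min Sheng Bao> (民生報) came along and reported on each day's activities. "It was a blast," Huang Yi says. "If at sixty I think of something and still smile for ten seconds, then it is worth my spending a year to do it." So each year Huang Yi tells himself to do one very meaningful thing, whether work, travel, or play.
A colleague who has worked with Huang Yi for many years describes him as knowing how to have fun, a textbook "Work Hard, Play Hard" person. Is there a reason for this character? Huang Yi asks the reporter in return, "Do you think life can be planned?" His father's sudden death taught him that life is impermanent: "live in the moment, and enjoy life while you can". When Huang Yi was three, his father died at thirty-five; besides an older sister and a younger brother, Huang Yi's mother was carrying another child. To this day the cause of his father's death is unclear. "We were caught completely off guard. The day before, my father just felt unwell, and the next day he was gone," Huang Yi says. "So you might only fall ill today and be dead tomorrow." Hence the idea that "one must live in the moment, and all the more enjoy life while one can" has always been deeply planted in Huang Yi's mind; he does not want to be like his father. Huang Yi has never believed life can be planned, and never cuts life into the four stages of "study, work, retirement, enjoyment". In his life he always makes the most appropriate allocation of all the resources available at this moment, and does not think of resources as something to be stored up for enjoyment on some future day. On this principle, his allocation of time naturally differs from most people's.
So, asked whether he has given up work, given up chances to rise higher, in order to keep a high quality of life, Huang Yi finds it funny: "For me this is the most natural thing; I haven't given anything up!" If life is likened to a circle, everyone has their own circle, large or small, and what each circle contains looks different. "I am very certain what the circle I want looks like, and everything I do fits the shape of this circle," Huang Yi says. Many people pursue money in a pattern: their first target is 30 million yuan; having reached it, the second target is 100 million; then 300 million is the third; and then they become "slaves to money". "Why don't I turn out like that?" Huang Yi once studied himself this way, and after a long time he finally knew: "life really may be very short", the idea that had deeply influenced him since childhood, is the biggest reason the life he pursues differs from others'.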
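He would rather work a little longer, so long as he can enjoy life as well: while running he grasped the principle "never compete with others"

Among the "fifth-graders" (those born between ROC years 50 and 59), many want to work hard for fifteen years, then retire and enjoy life. But Huang Yi has never thought about retiring early; he does not want that kind of divided life. For him, "I always want to play and work at the same time, even if it may mean working a little longer." Huang Yi is one of the few "fifth-graders" who still accept "retiring at fifty-five." But in an arena as competitive as Citibank, watching others strive so hard for results, how does Huang Yi keep his inner balance? "Never compete with others; compete with yourself." This is his secret, and a principle he worked out while running in his youth.

When Huang Yi was at Jieshou Junior High he ran every morning in the park or at the Taipei stadium to train his willpower. Later he noticed something: on this track new people are joining all the time, so is the position you are in right now ahead of the others or behind them? Everyone starts from a different point, joins at a different time and runs a different distance; the person behind you may be trailing you, or may be someone who is ahead of you. "Clearly this is a question that cannot be compared. So my only thought was that I should concentrate on my own steps, keep adjusting my own breathing, and not fall along the way or lose my stride."

After Huang Yi's father died, his mother, to raise her young children, worked for years away from home as a textile-factory worker; even when Huang Yi was already a manager at Citibank she was still washing dishes in a restaurant, and even working as a domestic helper. At that time Huang Yi would still go to the restaurant after work to help her. From childhood Huang Yi was brought up by his grandparents in a large family with fifty or sixty cousins; he learned early how to solve problems on his own and how to share resources with others, and so succeeded in the workplace. But Huang Yi is clear that all success is only for the sake of living a rich quality of life. From his childhood experience he learned independence, learned to share resources with others, and developed the patience to wait for success. And, "I manage a person as a person, not as a company." So working to the extreme and playing to the extreme is the flexibility he wants to live out in life.

The forgotten workplace body clock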
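In recent years I have lost several friends I knew through work. They left in the same rhythm, with no time to say goodbye; I cannot even guess whether they suffered when they went, and I could not help. One was a newcomer in a sales unit, in his first job after military service. After months of hard fighting his results had just begun to pick up, but one midsummer morning on his way to work, in front of a traffic light, he slumped in the driver's seat and his heart and breathing stopped. He was not yet twenty-five. Another worked at a Japanese trading company, was often travelling, entertaining clients and working overtime, and always boasted of being as strong as an ox, yet he died suddenly a few weeks ago. That evening nothing seemed amiss: as usual he missed dinner because of overtime, as usual he had a late-night snack with a few colleagues and drank some cold beer; after entering his home he collapsed in front of his wife, and by the time he reached the hospital nothing could be done. A life of thirty-odd years came to a full stop.

They were pulled out of their own lives in an instant, and vanished from the collective memory of their workplace peers. I may have known something of the pressure and bottlenecks they faced at work, but I never felt for the fragility of their bodies. Work took over the hours in which they could have caught their breath. They often worried that targets would not be met, that a new product could not launch smoothly, that a proposal would not reach the boss in time. Between family and workplace, between life and career, they lost control of their own bodies. Even though the company gave them generous pay, high-value group insurance and expensive health-check subsidies, it could not make up for the regret of a life braking so abruptly.

Companies constantly stress performance, and workaholic managers freely disrupt their employees' body clocks. Many office workers' lives lose their balance as a result, so that working hours, which should take up only a third of the day, cruelly eat into the other two-thirds, the lovely time meant for leisure and sleep. The boss may ask about progress every day but never asks whether an employee suffers from chronic constipation; the auditor may track entertainment expenses every month but has no interest in how high an employee's cholesterol is; colleagues may compare who is promoted faster and who is paid more, but never think about who has more happiness and who sleeps better.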
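For a long time people have tied the length of working hours to contribution and loyalty. Those who gladly work overtime and willingly stay on call at the office are often praised, while those who leave on time and resist extra hours are looked down on. Within this harsh definition there are still some heartening warm currents. I heard long ago of a publishing house's editor-in-chief who firmly opposes overtime and starts hurrying people out as soon as the working day ends; he wants his colleagues to have enough sleep and leisure, to lock work in the drawer when they leave the office, and to walk into the other two-thirds of their lives the moment they step out of the building. The head of another company goes further and simply gives employees the afternoon before each week's days off as well, urging colleagues to go for afternoon tea, soak in an uncrowded open-air hot spring, or have an aromatherapy session. I like this warm, humane thoughtfulness rather than an aggressive, draining coldness, and of course I also admire the bosses who require employees to leave on time; the idea of healthy, happy work that they create is the most appealing oasis in a workplace that prizes high-speed competition.

Many companies may remember to service their office machines regularly, replacing consumables, checking wiring and adding lubricant, but neglect their employees' physical and mental condition, or are eager to test the limits of employees' tolerance, expecting to get more than they pay for. Employees likewise overestimate their own energy: they always think a few stomach pills will get them through the pain, that three hours of sleep a night is no problem, or that a few more cups of black coffee will add a few hours of endurance; or, relying on youth and stamina, they stay up late, entertain clients, and live tense and suspicious with abandon; or they watch their complexion turn sallow and pale and think that a few more face masks and a few more vitamin pills should make it OK!

Since the workplace was computerized, office workers often treat themselves too as a CPU that never crashes, even when the liver, gallbladder, stomach, intestines, kidneys, heart, blood vessels, lymph, endocrine system, autonomic nerves, spine or retinas have quietly begun to protest. You who keep pushing yourselves at work, do not think you are an invincible super robot; the bugs in your body and mind have long been crying out. With the forgotten workplace body clock, and the many overlooked warning signs of employee health, amid the waves of workplace revolution that are so often exaggerated and praised, and now that the internet has brought global competition without time zones, the human body is still not built to run 24 hours a day. Nine to five ought to be the working pattern best suited to health. Is it not time for all companies, and indeed all workers, to gradually revise the philosophy of working oneself to death in overtime and return to the idea of healthy work?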

Saturday, January 24, 2009

Network Card Promiscuous mode

Promiscuous mode
From Wikipedia, the free encyclopedia

In computing, promiscuous mode or promisc mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it — a feature normally used for packet sniffing.

Each packet includes the hardware (Media Access Control) address. When a network card receives a packet, it checks if the address is its own. If not, the card normally drops the packet. But in promiscuous mode, the card doesn't drop the packet, thus allowing the computer to read all packets.

Many operating systems require superuser privileges to enable promiscuous mode. A non-routing node in promiscuous mode can generally only monitor traffic to and from other nodes within the same collision domain (for Ethernet and Wireless LAN) or ring (for Token ring or FDDI). Computers attached to the same network hub satisfy this requirement, which is why network switches are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes.

Promiscuous mode is often used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like FTP and Telnet transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as SSH.
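
As an added example (not part of the quoted Wikipedia text), a Linux host can be checked for interfaces that are currently in promiscuous mode by reading each interface's flags word from sysfs and testing the IFF_PROMISC bit (0x100). The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list network interfaces that are in promiscuous mode (Linux).
# Each interface exposes its flags word as hex text in
# /sys/class/net/<interface>/flags; IFF_PROMISC is bit 0x100 of that word.

IFF_PROMISC=256   # 0x100

# flags_promisc HEX -> exit status 0 when the promiscuous bit is set
flags_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [ROOT] -> prints one interface name per line.
# ROOT defaults to /sys/class/net; a different root can be given for testing.
promisc_ifaces() {
    root=${1:-/sys/class/net}
    for f in "$root"/*/flags; do
        [ -r "$f" ] || continue
        flags=$(cat "$f")
        # only accept the hex form the kernel writes, e.g. 0x1103
        case $flags in 0x[0-9a-fA-F]*) ;; *) continue ;; esac
        if flags_promisc "$flags"; then
            iface=${f%/flags}
            echo "${iface##*/}"
        fi
    done
}

# When saved as "promisc-check" and run directly, report the live interfaces.
case ${0##*/} in
    promisc-check*) promisc_ifaces ;;
esac
```

An interface that shows up here without a known capture or bridging job running on the host is worth investigating.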

Reset TCP/IP and Winsock settings in Microsoft® Windows® XP.


--------------------------------------------------------------------------------

The following steps require you to have administrator privileges on the system.
To clear Winsock settings, perform the following steps:

1. Click Start, click Run, type regedit, and click OK.
The Registry Editor window appears.
2. Click the plus to the left of HKEY_LOCAL_MACHINE.
3. Click the plus to the left of SYSTEM.
4. Click the plus to the left of CurrentControlSet.
5. Click the plus to the left of Services.
6. Right-click Winsock and click Export.
The Export Registry File appears.
7. Save the file in My Documents as Winsock.reg.
8. Right-click Winsock and click Delete.
The Confirm Key Delete window appears.
9. Click Yes.
10. Right-click Winsock2 and click Export.
The Export Registry File appears.
11. Save the file in My Documents as winsock2.reg.
12. Right-click Winsock2 and click Delete.
The Confirm Key Delete window appears.
13. Click Yes.
14. Restart the system.

To reset Winsock and TCP/IP settings, perform the following steps:

1. When the system has finished restarting, click Start, click Run, type ncpa.cpl, and click OK.
2. The Network Connection Properties window appears.
3. Click the General tab and click Install.
The Select Network Component Type window appears.
4. Click Protocol and click Add.
5. The Select Network Protocol window appears.
6. Click Have Disk.
The Install From Disk window appears.
7. Type C:\Windows\INF and click OK.
8. Click Internet Protocol (TCP/IP) and click OK.
9. The Network Connection Properties window appears.
10. Click Close.
11. Restart the system.
12. Click Start, click Run, type netsh int ip reset delllog.txt, and click OK.

Friday, January 23, 2009

how to migrate mail messages from ms. exchange to postfix

Hi, I have to migrate e-mail messages from a ms exchange server to a postfix server.

I have found nothing, the only thing I have in mind is to use fetchmail on the postfix server to get the e-mail messages from the ms exchange server.

Is this correct?

Are there other methods, like "copy" e-mail from one machine to the other?

Which format are the exchange e-mail stored in?

Thanks in advance.

I have no idea what format Exchange uses to store emails, so I think fetchmail or getmail would be the best options.
http://www.howtoforge.com/debian_etch_fetchmail
http://www.howtoforge.com/debian_etch_getmail

Fetchmail can only be used for mail in transit; you need to use imapsync to do the migration. It will preserve all the message flags.

Exporting MS Exchange 5.5 Users to Postfix

While configuring a Postfix mail server to relay inbound email from the outside world to a Microsoft Exchange server inside a customer's network, we wanted to populate the Postfix "relay_recipients" table with all the valid internal users. Though it's possible to just "relay everything", it means that the Postfix server will accept delivery for invalid accounts and then have them be refused by Exchange. This puts the burden of generating a bounce email onto Postfix. By populating the relay_recipients table, Postfix can reject this mail outright before taking delivery. It's just cleaner all around.

This Tech Tip documents how we built an automated system for exporting the user list from Microsoft Exchange, transferring it to the mail server, and specially processing the address list to build the proper table. This now runs on an automated basis on several customers and requires no human intervention.

The discussions here involve this environment:

  • Microsoft Exchange 5.5 SP4
  • PuTTY -or- VanDyke Software "SecureCRT" 4.x
  • Red Hat Linux 8.0
  • Postfix 2.0.9
  • OpenSSH 3.5

Note: We considered having Postfix make an LDAP query to the Exchange server, but we rejected it for several reasons. The main reason is that we wanted the mail relay machine to be as standalone as possible, not depending on Exchange to be available in realtime to decide to accept the message or not. We are looking into doing this "right" with LDAP, but for the time being we wanted the relay recipients listed locally.

Note further that here we are using Berkeley DB files for storing the data even though there are plenty of other ways to do it (LDAP, MySQL, etc.). Adjust to your own environment.


Exporting users from Exchange 5.5

This proved to be the hardest part, and credit for figuring it out goes to Steve Gardiner of Draper's & Damon's. He waded through the bad and buggy Microsoft documentation to get it running on a completely unattended basis.

For this process we use the ADMIN.EXE (Exchange Administrator) command, but with command-line options that make it unattended. By way of example, our Exchange is installed at D:\exchsrvr and we're putting our custom files in D:\userexport. These of course can be relocated anywhere as needed.

One of the main difficulties was getting the entire list of email addresses in the system: all kinds of addresses were not showing up for one reason or another: this made the relay list incomplete.

We're creating several files in our D:\userexport directory:

exportfields.txt

The ADMIN program reads from the output file to learn what fields are being exported - which seems to us to be an odd arrangement - and we create this small template file to repopulate the file anew on each run. Otherwise, it's conceivable that a problem in the export process could lead to a trashed output file, losing the field list. Without a field list to start with, ADMIN chooses a default list that's not useful to us.

The file should contain:

Obj-Class   tab   E-mail addresses   tab   Secondary-Proxy-Addresses

Once created, it's never touched again.

userexport.ini

This is a file that tailors the behavior of the ADMIN program for this export operation, and though it may be possible to use some "system" configuration file for this, we use a private config file that won't impact Exchange operations beyond the export.

[Export]
DirectoryService=servername here
Basepoint=
Container=Recipients
ExportObject=All
InformationLevel=Minimal
BasepointOnly=No
RawMode=No
HiddenObjects=Yes
Subcontainers=No
CodePage=0
; 09 = TAB
ColumnSeparator=09
; 37 = %
MVSeparator=37
; 34 = "
QuoteCharacter=34

runexport.bat

This batch file actually runs the export, and (later) will send the file to the Postfix mail server for addition to the relay-recipients database.

This batch file contains:

D:
cd \userexport
copy exportfields.txt exchusers.txt
\exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini

The /n parameter suppresses a GUI progress display box, /o specifies the name of the options file, and /e shows where to export the data to.

Once the above files are created, give it a test run by launching the batch file. There won't be any meaningful output (remember that we used the /n switch to suppress progress reporting); only the final exchusers.txt file will be created to show success.

The file contains all email addresses for all users, and this includes addresses that aren't for the internet (X.500, CCMail, etc.). These are all removed later during file processing.

Processing on the Exchange server

We are temporarily skipping the step of exactly how to get the data up to the Postfix system and just presume it somehow happened. This file has been conveyed to /etc/postfix/exchusers.txt and we'll touch on how we actually did that conveyance below.

The exchusers.txt file is in a form entirely unsuitable for use by Postfix, so we must do a bit of processing with a small perl program to make it useful. Though it's possible to do a direct one-to-one translation, in practice this is not very useful. The main reason is that most sites don't wish for every email address inside the network to be relayed from the outside.

In some cases each user has several addresses that account for previous email schemes, and in others there are users or distribution lists that should simply not be permitted from the outside: everybody@unixwiz.net would be a lousy address for a spammer to get. Finally, Exchange has some internal email addresses that don't look promising for external access, such as schedule+freebusyinformation-ntserver@unixwiz.net.

In addition, the directory can contain aliases for non-local addresses, such as "page-consultant" as an alias for an external pager email address. This is mainly for internal use: outside users shouldn't be able to use it. It's possible to exclude this specifically in the --exclude file, but it's easier to simply tell the parser to exclude all addresses that aren't in our interesting domain.

The --domain=D parameter adds D to the list of valid domains (it can be repeated), and if defined it ignores any addresses not in that list. If this option is not given at all, there are no domain-specific restrictions.
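
The filtering described above can be illustrated with a small shell/awk filter. This is an added example, not the Perl parse-exchange-users program the page refers to. It assumes that internet addresses in the export carry an "SMTP:" type prefix, that the first row is the header copied from exportfields.txt, and that the exclude file holds one address per line; the function names and the sample data are constructed for the example.

```shell
#!/bin/sh
# Added example: turn the tab-separated ADMIN export into Postfix
# relay_recipients lines ("address<TAB>OK"), keeping only wanted addresses.
#
# Usage inside a script:
#   filter_exchusers exchusers.txt exclude-users.txt unixwiz.net > relay_recipients

# filter_exchusers EXPORT_FILE EXCLUDE_FILE [DOMAIN...]
# With no DOMAIN arguments there is no domain restriction.
filter_exchusers() {
    export_file=$1; exclude_file=$2; shift 2
    awk -v excl="$exclude_file" -v domains="$*" '
    BEGIN {
        FS = "\t"                                     # ColumnSeparator=09
        ndom = split(tolower(domains), d, " ")
        for (i = 1; i <= ndom; i++) want[d[i]] = 1
        if (excl != "")
            while ((getline line < excl) > 0) skip[tolower(line)] = 1
    }
    NR == 1 { next }                                  # header row
    {
        sub(/\r$/, "")                                # export comes from Windows (CRLF)
        for (f = 2; f <= NF; f++) {
            field = $f
            gsub(/"/, "", field)                      # QuoteCharacter=34
            n = split(field, addr, "%")               # MVSeparator=37
            for (j = 1; j <= n; j++) {
                a = tolower(addr[j])                  # keys are written in lower case
                if (a !~ /^smtp:/) continue           # drop X.400, cc:Mail and other types
                sub(/^smtp:/, "", a)
                if (a !~ /^[^ @]+@[^ @]+$/) continue  # exactly one local@domain token
                dom = substr(a, index(a, "@") + 1)
                if (ndom > 0 && !(dom in want)) continue
                if ((a in skip) || (a in seen)) continue
                seen[a] = 1
                print a "\tOK"
            }
        }
    }' "$export_file"
}

# Constructed sample export for demonstration (not real directory data).
sample_export() {
    printf '%s\t%s\t%s\r\n' \
        'Obj-Class' 'E-mail addresses' 'Secondary-Proxy-Addresses' \
        'Mailbox' '"SMTP:alice@example.com%X400:c=US;a= ;p=Org;o=Site;s=Alice;"' \
                  '"SMTP:a.smith@example.com%CCMAIL:Alice at Site"' \
        'dl' 'SMTP:everybody@example.com' '' \
        'Remote' 'SMTP:pager@pager.example.net' '' \
        'Mailbox' 'SMTP:Bob@Example.com' 'SMTP:bob@old.example.org'
}
```

Rejecting any entry that is not a single local@domain token keeps a malformed directory value from becoming a key in the lookup table.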

We normally put this rule in a makefile in the Postfix working area:

ALL = ...relay_recipients.db ...

all: $(ALL)

OPTS=--domain=unixwiz.net --exclude=exclude-users.txt

# recipe lines must begin with a tab character
relay_recipients : exchusers.txt exclude-users.txt
	./parse-exchange-users ${OPTS} < exchusers.txt > $@

%.db : %
	postmap $*

Now, typing "make" will build this file from scratch.

NOTE - those who have never used a makefile may wish to consult our other Tech Tip: Using "make" for Postfix file maintenance.

Configuring Postfix to use the relay recipients is not really within the scope of this Tech Tip, but the relevant line in the main.cf file should be something like this:

relay_recipient_maps =
    hash:/etc/postfix/relay_recipients

In a more advanced environment, where one domain is on the "inside" but other domains are involved in relay, it may make sense to put the recipient lists in separate files:

relay_recipient_maps =
    hash:/etc/postfix/exchange_recipients
    hash:/etc/postfix/relay_recipients

Here, we presume that exchange_recipients is the dynamically built list, and relay_recipients is the one maintained by hand. We believe this does require two separate database queries, but we're not working in a high-volume environment. Those that are might concatenate two input files and create a single relay_recipients file as input to the database file.

As a final step we'll add a single command that's used to rebuild just the files related to relay: it's used by the automated processes that follow. In the file /etc/postfix/rebuild-relay-recips we include:

cd /etc/postfix
make relay_recipients.db

and the file must be made executable:

# chmod u+x /etc/postfix/rebuild-relay-recips

Running this all by hand is very tedious, and in practice there is simply no way that anybody's going to be really religious about running this every time a user is added to Exchange.

So we've worked out a few ways to automatically copy the data from the Exchange machine to the Postfix machine using secure copies (we presume that Exchange is inside the corporate firewall and that Postfix may be outside or in the DMZ). Though we prefer the commercial software SecureCRT, we've also figured out how to use the freeware PuTTY tool for this.

Choose one of the two sections below.

Automating Using SecureCRT

We used SecureCRT from VanDyke Software as our SSH client, and though it's commercial software (about $100), we have used it for years and are very happy with it. It has a regular terminal emulation client, plus command-line copy and remote shell tools that work together.

After installing SecureCRT normally on the machine that runs Exchange, we next need to create an RSA public/private key pair to allow secure and unattended copies. This key should not be the one used for any other purpose!

Launch SecureCRT, then navigate this way through the menus:

  1. Select Tools:Create Public Key from the top menu
  2. Click Next after the introductory dialog box
  3. Select a RSA key, then click Next
  4. Do not select a passphrase, then click Next
  5. Select a 1024-bit key, then click Next
  6. Move the mouse around as requested to provide random input, then click Next
  7. Save the key file in D:\userexport\exchupdate, then click Finish
  8. Click No when asked if you wish to use this as your global public key
  9. Close SecureCRT

Somehow get the file exchupdate.pub to the Postfix server, and run these commands as root. One way is to ssh from the Exchange server to the Postfix server and actually paste the few ASCII lines from the pub file to the output place directly:

# cd /root/.ssh

# cat > exchupdate.pub
{paste exchupdate.pub here}
^D

# ssh-keygen -i -f exchupdate.pub >> authorized_keys2

# vi authorized_keys2
{add a comment "Exchange user update from NTSERVER"}

Now this key is allowed to run commands as root.

NOTE - there are all kinds of ways to add increased security to this arrangement, such as limiting which IP addresses this key can be used from, limiting which commands can run, and running this as a non-root user. This is all highly relevant, but we didn't want to bog down this Tech Tip with this detailed information. Feel free to give it a go.
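
One way to apply the first two restrictions in the note, as an added example that is not part of the original Tech Tip: a forced-command script tied to the key in authorized_keys2, so the passphrase-less key can only upload the export and start the rebuild. The script path, the source address 192.0.2.10 and the exact request strings are assumptions; here the copy is assumed to name the file itself as its destination (root@servername:/etc/postfix/exchusers.txt), and the request text a given client sends should be confirmed from the denial log.

```shell
#!/bin/sh
# Added example: forced-command gate for the Exchange export key.
# Install it through the key's options in authorized_keys2 (one line; the
# source address, script path and key body are placeholders):
#   from="192.0.2.10",command="/usr/local/sbin/exch-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... Exchange user update from NTSERVER
# sshd then runs this script instead of the client's request and passes the
# request text in SSH_ORIGINAL_COMMAND.

# The only two requests the key may make. The upload is pinned to one file
# rather than the /etc/postfix directory, so the key cannot replace main.cf.
ALLOW_UPLOAD='scp -t /etc/postfix/exchusers.txt'
ALLOW_REBUILD='/etc/postfix/rebuild-relay-recips'

# gate_decide REQUEST -> prints "upload", "rebuild" or "deny".
# Matching is on the whole string; anything with extra text is denied.
gate_decide() {
    case "$1" in
        "$ALLOW_UPLOAD")  echo upload ;;
        "$ALLOW_REBUILD") echo rebuild ;;
        *)                echo deny ;;
    esac
}

gate_main() {
    req=${SSH_ORIGINAL_COMMAND:-}
    case "$(gate_decide "$req")" in
        # run the fixed command, never the text the client supplied
        upload)  exec scp -t /etc/postfix/exchusers.txt ;;
        rebuild) exec /etc/postfix/rebuild-relay-recips ;;
        *)
            # interactive logins, SFTP sessions and any other request end here
            logger -p auth.warning -t exch-gate "denied request: $req"
            echo "exch-gate: request not permitted" >&2
            return 1 ;;
    esac
}

# Act only when installed under the name used in the command= option.
case ${0##*/} in
    exch-gate) gate_main ;;
esac
```

With this in place, a copy of the private key taken from the Exchange machine yields two fixed operations from one address rather than a root shell.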

Now we update our original batch file to reflect the added functions of "copy data to Postfix system" and "rebuild the relay recipients".

D:
cd \userexport
copy exportfields.txt exchusers.txt
\exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini

vcp -i exchupdate exchusers.txt root@servername:/etc/postfix
vsh -i exchupdate -l root servername /etc/postfix/rebuild-relay-recips

The last two lines do the real work, and it of course depends on having VanDyke's vcp and vsh commands in the search path. Replace servername with the name of the Postfix server.

Now, running this script on the NT system will do a start-to-finish update of the relay recipients for this Exchange server, and this can be scheduled to run out of WinAT - the command scheduler - periodically. We typically run it once an hour during the workday. The command scheduler can be found in the Windows NT 4.0 Server Resource Kit.

Automating Using PuTTY

Though we have been fans (and paying customers) of SecureCRT for a very long time, we understand that others may wish for alternate solutions for getting the data from Exchange to the Postfix system. This section details the updates using the free solution PuTTY. Please note that this is the first time we've ever used PuTTY: those finding better ways to do this are encouraged to let us know.

  1. Locate the three required PuTTY binaries: pscp.exe (secure copy), plink.exe (secure remote command execution), and puttygen.exe (the key generator). We normally put them right in the same directory with the other parts of this little system. We found PuTTY here
  2. Create a PuTTY RSA public/private key pair:
    • open command window, go to working directory (e.g., "D:\userexport")
    • run puttygen.exe
    • select the SSH2 RSA Key radio button
    • click the Generate button
    • move the mouse when requested to generate random data
    • when finished, enter anything you like for a key comment (we use "Exchange User Update Key")
    • do not enter a pass phrase!
    • click "Save Public Key" and navigate to the directory you're working in: name it exchupdate.pub.
    • click "Save Private Key" and navigate to the directory you're working in: name it exchupdate.ppk. Approve the request to save without a passphrase.
    • exit the puttygen program
  3. Somehow convey the PuTTY public key file (exchupdate.pub) to the Postfix machine, and put it in /tmp or another convenient place.
  4. As root, convert the key file from SSH2 format into OpenSSH format, appending it to the list of authorized keys:

    # ssh-keygen -i -f /tmp/exchupdate.pub >> /root/.ssh/authorized_keys2
    # rm /tmp/exchupdate.pub
  5. Edit the /root/.ssh/authorized_keys2 file to make sure the key comment was entered - edit if necessary.
  6. Update the runexport.bat batch file with the two secure commands:

    D:
    cd \userexport
    copy exportfields.txt exchusers.txt
    \exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini

    pscp -2 -i exchupdate.ppk exchusers.txt root@servername:/etc/postfix
    plink -2 -i exchupdate.ppk root@servername /etc/postfix/rebuild-relay-recips


Thursday, January 22, 2009

How to make scrollable checkboxes


Making scrollable checkboxes is pretty simple. Set them up as you would if they were not scrollable, but surround them in a container element (be that a fieldset, p, div, or the like). Give the container a class, like scroll_checkboxes. In your stylesheet, you’ll want to style the container to define its height and make it scrollable. Note that this is just a starting point:


.scroll_checkboxes {
height: 100px;
padding: 5px;
overflow: auto;
border: 1px solid #ccc
}

Wednesday, January 21, 2009

open multiple files in tabs, vim 7 can do that.

I remember that the last time I opened multiple files with vim, they were loaded into background buffers; to bring one to the front you first had to save the current file with :w, then use :bn for the next buffer or :bp for the previous one. Vim 7 supports tabs, so I would like to open each file in its own tab.

vim -p file1 file2 file3

But we might forget to specify -p and open files the old way, which makes my tab key maps useless. I realized that opening a single file with -p is not much different from opening it without -p, so I play a trick: I set an alias in .bashrc (the .bashrc in the home directory).

Insert this into .bashrc:

alias vi="vim -p"

The alias changes the way vim is called: when I type vi, the bash shell replaces the vi command with vim -p. So now I can open multiple files in tabs like this:

vi file1 file2 file3

Important: after changing .bashrc, the terminal has to be restarted to see the effect.

To move to next tab use

:tabn

to previous tab

:tabp

Max Says:
February 8th, 2008 at 2:47 pm

It’s better to use gt and gT to move forward and backwards in the tabs, respectfully. That way you don’t have to enter command mode.

100 Vim commands every programmer should know


Posted by Jean-Baptiste Jung on Jun 30, 2008 in Web development

Since the 70’s, Vi has been one of the programmer’s best friends. Whether you’re new to Vi or not, here’s a big list of 100 useful commands, organized by topic, which will make your coder life better.

Search

/word Search “word” from top to bottom
?word Search “word” from bottom to top
/jo[ha]n Search “john” or “joan”
/\<the Search “the”, “theatre” or “then”
/the\> Search “the” or “breathe”
/\<the\> Search “the”
/\<....\> Search all words of 4 letters
/\<fred\> Search “fred” but not “alfred” or “frederick”
/fred\|joe Search “fred” or “joe”
/\<\d\d\d\d\> Search exactly 4 digits
/^\n\{3} Find 3 empty lines
:bufdo /searchstr/ Search in all open files

Replace

:%s/old/new/g Replace all occurrences of “old” by “new” in file
:%s/old/new/gc Replace all occurrences with confirmation
:2,35s/old/new/g Replace all occurrences between lines 2 and 35
:5,$s/old/new/g Replace all occurrences from line 5 to EOF
:%s/^/hello/g Replace the beginning of each line by “hello”
:%s/$/Harry/g Replace the end of each line by “Harry”
:%s/onward/forward/gi Replace “onward” by “forward”, case insensitive
:%s/ *$//g Delete all trailing white spaces
:g/string/d Delete all lines containing “string”
:v/string/d Delete all lines which don't contain “string”
:s/Bill/Steve/ Replace the first occurrence of “Bill” by “Steve” in current line
:s/Bill/Steve/g Replace “Bill” by “Steve” in current line
:%s/Bill/Steve/g Replace “Bill” by “Steve” in all the file
:%s/\r//g Delete DOS carriage returns (^M)
:%s/\r/\r/g Transform DOS carriage returns into returns
:%s#<[^>]\+>##g Delete HTML tags but keep text
:%s/^\(.*\)\n\1$/\1/ Delete lines which appear twice
Ctrl+a Increment number under the cursor
Ctrl+x Decrement number under cursor
ggVGg? Change text to Rot13

Case

Vu Lowercase line
VU Uppercase line
g~~ Invert case
vEU Switch word to uppercase
vE~ Modify word case
ggguG Set all text to lowercase
:set ignorecase Ignore case in searches
:set smartcase Ignore case in searches except if an uppercase letter is used
:%s/\<./\u&/g Sets first letter of each word to uppercase
:%s/\<./\l&/g Sets first letter of each word to lowercase
:%s/.*/\u& Sets first letter of each line to uppercase
:%s/.*/\l& Sets first letter of each line to lowercase

Read/Write files

:1,10 w outfile Saves lines 1 to 10 in outfile
:1,10 w >> outfile Appends lines 1 to 10 to outfile
:r infile Insert the content of infile
:23r infile Insert the content of infile under line 23

File explorer

:e . Open integrated file explorer
:Sex Split window and open integrated file explorer
:browse e Graphical file explorer
:ls List buffers
:cd .. Move to parent directory
:args List files
:args *.php Open file list
:grep expression *.php Returns a list of .php files containing expression
gf Open file name under cursor

Interact with Unix

:!pwd Execute the “pwd” unix command, then returns to Vi
!!pwd Execute the “pwd” unix command and insert output in file
:sh Temporarily returns to Unix
$exit Returns to Vi

Alignment

:%!fmt Align all lines
!}fmt Align all lines at the current position
5!!fmt Align the next 5 lines

Tabs

:tabnew Creates a new tab
gt Show next tab
:tabfirst Show first tab
:tablast Show last tab
:tabm n(position) Rearrange tabs
:tabdo %s/foo/bar/g Execute a command in all tabs
:tab ball Puts all open files in tabs

Window splitting

:e filename Edit filename in current window
:split filename Split the window and open filename
ctrl-w up arrow Puts cursor in top window
ctrl-w ctrl-w Puts cursor in next window
ctrl-w_ Maximise current window
ctrl-w= Gives the same size to all windows
10 ctrl-w+ Add 10 lines to current window
:vsplit file Split window vertically
:sview file Same as :split in readonly mode
:hide Close current window
:only Close all windows, except current
:b 2 Open #2 in this window

Auto-completion

Ctrl+n Ctrl+p (in insert mode) Complete word
Ctrl+x Ctrl+l Complete line
:set dictionary=dict Define dict as a dictionary
Ctrl+x Ctrl+k Complete with dictionary

Marks

mk Marks current position as k
'k Moves cursor to mark k
d'k Delete all until mark k

Abbreviations

:ab mail mail@provider.org Define mail as abbreviation of mail@provider.org

Text indent

:set autoindent Turn on auto-indent
:set smartindent Turn on intelligent auto-indent
:set shiftwidth=4 Defines 4 spaces as indent size
ctrl-t, ctrl-d Indent/un-indent in insert mode
>> Indent
<< Un-indent

Syntax highlighting

:syntax on Turn on syntax highlighting
:syntax off Turn off syntax highlighting
:set syntax=perl Force syntax highlighting