When I paid for the January 2008 software update for the iPod touch through iTunes, it didn't work as expected. Usually when I bought songs and such through the iTunes music store, I can see almost instantly that the items are downloaded. With the software update, nothing seemed to happen and I was put back at the beginning. Unwittingly, I clicked the button to kick off the software update again, and this time, it seemed, the update started to happen. I was afraid that I would get charged twice. When I received confirmation email from Apple, the two references to the software update had the same reference number. I figured some human being caught the double-charge and corrected the dumb computer program.
When my credit card bill arrived, lo and behold I was indeed charged twice. I dreaded calling customer service, whether for the credit card company or Apple. I decided to contact Apple by email first. I explained that I was not happy that I got charged for the software update even though I just got the touch in December. Naturally, I was doubly upset that I got charged twice. Adding insult to injury, no? Fortunately, an Apple rep wrote back informing me that not only she gave me credit for the extra charge, she also gave me five free songs on the online music store. Whoopee! It is my first instance of dealing with Apple customer service and they sure did the right thing for me. I blew all five song credits on "Weird Al" Yankovic.
26 February 2008
16 February 2008
Ringtones Ring True
I've been playing around with the ringtones on my Razr. Unlike the iPhone, I don't have to pay extra to use any songs on the phone as ringtones. I was lazy and didn't trim the songs to have just the pertinent lines, but here goes...
- general incoming call: Call Me, by Blondie. Of course! It has to be!
- voice mail: Message In A Bottle, by The Police.
- calendar alarm: There's Always Something There To Remind Me, by Naked Eyes.
- text message alert: I've Gotta Get A Message To You, by The Bee Gees. Granted this Bee Gees tune can be used for voice mail too, but I don't get that much text message so best to have this tune for it. The idea of death isn't something to be reminded of too often.
- calls from my Mom: Mamma Mia, by ABBA. Mother by The Police may be a better choice, but it's one of the few Police songs that I hate, so no thanks.
- calls from home: 那裡是吾家? (Where Is Home?), by Sam Hui (許冠傑). Maybe in a few months I will change it to Homeward Bound by Simon & Garfunkel...
- calls from my boss: Trap (Platypus Boss 1), by Ben Daglish. Not that my boss has anything to do with traps, just that the tune is played in the game Platypus at the end of Level 1, where you have to defeat the boss to advance further. In video games, the boss level is where you have to defeat some character who can take more than the usual one or two shots to succumb.
- calls from the Wife: Life Made Simple, by Jessica Hsuan and Roger Kwok. The song is the theme song of the Chinese soap opera by the same name, or 阿旺新傳 in Chinese. The show is about a mentally retarded man who thinks his childhood female playmate is his wife, or something like that. Sometimes my Wife must think I am crazy not to be dishonest whenever the chances appear.
14 February 2008
Whose SID Is It Anyway?
Does SID History repeat itself? I thought I knew pretty much all that's needed to know about SID History but today I realized otherwise.
You may recall that my company is in the process of converting a few Windows NT networks into ActiveDirectory. Like trying to paint the inside of a house with all the furniture intact, it is hard to move a live domain. It would be a luxury if we could just find some server space and moved all the data there and at the same time gave everyone new accounts in A.D. It is just not possible because there is too much data and there are too many people, people with money-producing tasks to attend to who cannot afford much down time. Instead, we first give users new accounts and create new groups that have access to the existing data. Again, if it is just a few gigabytes of data to worry about, we would just re-permission them all with the new groups. But the amount of data is tremendous, so Engineering came up with a clever solution.
I heard a lot of "SID History" being the key to giving the new groups access to the existing data but only today I learned what exactly is a SID History. It turned out to be just a multi-value field of a group object. Well-known group fields or properties are names, members, and descriptions, then we have esoteric ones like SID History. Just by populating the different values of the SID History of a group in A.D. with the SID values of groups in the legacy domains, we give the new group whatever access the old groups enjoy. SIDs, of course, are the internal names the computer see the groups. Each SID uniquely identifies the group, such that if you delete a group then create a new one with the same name, to you the groups are the same, but to the computer they are not because they were assigned different SIDs.
One side effect of using SID History is that the Access Control List for resources that have legacy groups become misleading. Instead of showing say, OldDomain\OldGroup, the ACL displays ADDomain\NewGroup. We usually assume that the ACL is always wrong and make sure users in the different domains are added to their respective groups. However, as I discovered the last time I visited the topic of SID History, if someone explicitly granted the NewGroup access, the SID History won't allow the OldGroup access to the resource. SID History, at least the way we implemented it, only works one way.
So, if you see the ACL having ADDomain\NewGroup, how would you know what OldGroup to add the users to? Most of the times, the group names are identical, but there are exceptions. Today, I came across the following situation:
The ACL says the group GADWPnaruto in ADDomain has access to the path \\djpkunai\jutsu$ . There is a group called naruto in the old domain, but I want to know for sure. Up to then, I haven't met any linked groups that were not identically named. I asked around and supposedly there was no easy way. I was shown how ADSEdit.msc would be used to populate the SID History field, but then in ADSEdit the value for the SID History was in hexadecimal only, not in the more familiar, albeit messy, format of S-1-5-12-123456-7891011-121314. Personally, I would prefer some kind of command-line tool to look up the SID History, so I started the search.
The search started out on a good foot. I already knew about the RAW option of the FileACL command.
FileACL \\djpkunai\jutsu$ /raw
would list the ACL in raw format, i.e. in SID format like S-1-52-9876-5432-1012 instead of human-friendly names like TopSecretGroup. Part of the SID tells me what domain the group is in so by using the RAW option I can see right away if the ACL was showing a real ADDomain group or just the effect of the SID History.
A quick review of Joe Richards' ADFind command and I was able to show the SID History field for a given AD group. All that was left was to translate the SID found in the SID History to a name in the suspect old domain. I started with DumpSec, then DameWare NT Utilities, and finally Hyena - all no good. DumpSec can list the SID in its users report, but strangely does not have that option for groups. DameWare and Hyena are equally useless and would only show the very basic info, i.e. members and options to change them. DameWare used to be pretty good for exporting info, but with the version I am using, 5.1.1.8, exporting is done by a separate program and the way it works is totally different, less intuitive, AFAIC. Searching in Google for SID + group + NT led me to JoeWare.net and SIDToName. While it did the job of translating the SID into name, it needs to be told where to find the group, i.e. on which computer. For example, if I suspect the SID S-1-23-4455-6677-8899-0123 belongs to some group in the Eminent domain, I cannot feed SIDToName Eminent\S-1-23-4455-6677-8899-0123. Instead, I would have to find out the name of a domain controller, say ServerEFG. The command would then be
SIDToName S-1-23-4455-6677-8899-0123 ServerEFG
It is not hard to find the name of a domain controller. In DameWare, I usually just load the users or groups for the given domain and the DC name would be shown near the top of the screen. But it is an extra step to be taken.
I continued searching and somehow came across PSGetSID. At first it doesn't look useful enough, as the meager documentation seemed to say that the command only works with computers and users. I went ahead and fed it a group name and it gladly responded with the SID. Even better, you can feed it either Domain\Group or just the SID and it would give you back the other thing, e.g.
PSGetSID OldDomain\OldGroup
would yield S-1-23-4567-8910-1112 while
PSGetSID S-1-23-4567-8910-1112
would correctly identifies the SID as belonging to OldDomain\OldGroup. Amazing! It works both ways, all without having to be told what computer to fetch the info from. PSGetSID is especially helpful if you have an idea of the group's domain. When just feeding a SID, it would incorrectly fetch the AD domain name and group. To be sure, you would still need to also feed it a DC name, as in
PSGetSID ServerEFG S-1-23-4567-8910-1112
I decided to write all this up because I was frustrated that my initial Googling did not locate PSGetSID. I had to wade through references to SIDToName and about some DLL or other programmatic solutions. I even came across my own blog entry about SID History! Here's hoping that the next time someone asks, "How do I get the SID for a given group name?", this blog entry will be on the first page of the query.
You may recall that my company is in the process of converting a few Windows NT networks into ActiveDirectory. Like trying to paint the inside of a house with all the furniture intact, it is hard to move a live domain. It would be a luxury if we could just find some server space and moved all the data there and at the same time gave everyone new accounts in A.D. It is just not possible because there is too much data and there are too many people, people with money-producing tasks to attend to who cannot afford much down time. Instead, we first give users new accounts and create new groups that have access to the existing data. Again, if it is just a few gigabytes of data to worry about, we would just re-permission them all with the new groups. But the amount of data is tremendous, so Engineering came up with a clever solution.
I heard a lot of "SID History" being the key to giving the new groups access to the existing data but only today I learned what exactly is a SID History. It turned out to be just a multi-value field of a group object. Well-known group fields or properties are names, members, and descriptions, then we have esoteric ones like SID History. Just by populating the different values of the SID History of a group in A.D. with the SID values of groups in the legacy domains, we give the new group whatever access the old groups enjoy. SIDs, of course, are the internal names the computer see the groups. Each SID uniquely identifies the group, such that if you delete a group then create a new one with the same name, to you the groups are the same, but to the computer they are not because they were assigned different SIDs.
One side effect of using SID History is that the Access Control List for resources that have legacy groups become misleading. Instead of showing say, OldDomain\OldGroup, the ACL displays ADDomain\NewGroup. We usually assume that the ACL is always wrong and make sure users in the different domains are added to their respective groups. However, as I discovered the last time I visited the topic of SID History, if someone explicitly granted the NewGroup access, the SID History won't allow the OldGroup access to the resource. SID History, at least the way we implemented it, only works one way.
So, if you see the ACL having ADDomain\NewGroup, how would you know what OldGroup to add the users to? Most of the times, the group names are identical, but there are exceptions. Today, I came across the following situation:
The ACL says the group GADWPnaruto in ADDomain has access to the path \\djpkunai\jutsu$ . There is a group called naruto in the old domain, but I want to know for sure. Up to then, I haven't met any linked groups that were not identically named. I asked around and supposedly there was no easy way. I was shown how ADSEdit.msc would be used to populate the SID History field, but then in ADSEdit the value for the SID History was in hexadecimal only, not in the more familiar, albeit messy, format of S-1-5-12-123456-7891011-121314. Personally, I would prefer some kind of command-line tool to look up the SID History, so I started the search.
The search started out on a good foot. I already knew about the RAW option of the FileACL command.
FileACL \\djpkunai\jutsu$ /raw
would list the ACL in raw format, i.e. in SID format like S-1-52-9876-5432-1012 instead of human-friendly names like TopSecretGroup. Part of the SID tells me what domain the group is in so by using the RAW option I can see right away if the ACL was showing a real ADDomain group or just the effect of the SID History.
A quick review of Joe Richards' ADFind command and I was able to show the SID History field for a given AD group. All that was left was to translate the SID found in the SID History to a name in the suspect old domain. I started with DumpSec, then DameWare NT Utilities, and finally Hyena - all no good. DumpSec can list the SID in its users report, but strangely does not have that option for groups. DameWare and Hyena are equally useless and would only show the very basic info, i.e. members and options to change them. DameWare used to be pretty good for exporting info, but with the version I am using, 5.1.1.8, exporting is done by a separate program and the way it works is totally different, less intuitive, AFAIC. Searching in Google for SID + group + NT led me to JoeWare.net and SIDToName. While it did the job of translating the SID into name, it needs to be told where to find the group, i.e. on which computer. For example, if I suspect the SID S-1-23-4455-6677-8899-0123 belongs to some group in the Eminent domain, I cannot feed SIDToName Eminent\S-1-23-4455-6677-8899-0123. Instead, I would have to find out the name of a domain controller, say ServerEFG. The command would then be
SIDToName S-1-23-4455-6677-8899-0123 ServerEFG
It is not hard to find the name of a domain controller. In DameWare, I usually just load the users or groups for the given domain and the DC name would be shown near the top of the screen. But it is an extra step to be taken.
I continued searching and somehow came across PSGetSID. At first it doesn't look useful enough, as the meager documentation seemed to say that the command only works with computers and users. I went ahead and fed it a group name and it gladly responded with the SID. Even better, you can feed it either Domain\Group or just the SID and it would give you back the other thing, e.g.
PSGetSID OldDomain\OldGroup
would yield S-1-23-4567-8910-1112 while
PSGetSID S-1-23-4567-8910-1112
would correctly identifies the SID as belonging to OldDomain\OldGroup. Amazing! It works both ways, all without having to be told what computer to fetch the info from. PSGetSID is especially helpful if you have an idea of the group's domain. When just feeding a SID, it would incorrectly fetch the AD domain name and group. To be sure, you would still need to also feed it a DC name, as in
PSGetSID ServerEFG S-1-23-4567-8910-1112
I decided to write all this up because I was frustrated that my initial Googling did not locate PSGetSID. I had to wade through references to SIDToName and about some DLL or other programmatic solutions. I even came across my own blog entry about SID History! Here's hoping that the next time someone asks, "How do I get the SID for a given group name?", this blog entry will be on the first page of the query.
12 February 2008
Berhala Hut
My sister CH visited my family a few days after Tết. Mother made a big meal and we talked afterward about many topics. Eventually we gravitated toward our refugee experience again. The question was, "How long were we at the various islands?" There was no calendar to tell the day, the weather was always hot, and there was no TV to watch our favorite show to make reference to a particular event. Hmm, remember one night some drunk set his hut on fire? Luckily his neighbors quickly put out the fire, lest it spread to their huts too. It was a Thursday because I was watching Naruto Shippuuden on the PowerBook. Yeah, right.With the need to record more of this memory before it is all forgotten, I am resuming my "memoir" of the experience. It also helped that I received a positive feedback for my entry earlier about my refugee experience.
The drawing above is what I remember of my home on Berhala Island. As you may recall, my family was lucky enough to meet Grandaunt "Luck" to inherit the hut from her. Granny's family were scheduled to leave Berhala for Galang Camp when we arrived. They were among the first on Berhala Island and they did a great job of putting the hut together.
The view in the drawing is that from outside the "window". It's just a big, rectangular opening in the wall. Next to the window, there was a pair of chairs with a table in the middle. I don't know for sure if we had a teapot and cups on that table. There were two openings to get into the hut - to the left of the big column in the picture and to the right of the "window". The left "door" would be for getting to the street while the right one would be for entering the yard. Taking up a big portion of the hut was the bed. I don't recall us having pillows. I made believe we stuff some luggage bags with clothes for use as pillows. At night, my two sisters and I would share the bed. My parents and brother would sleep on the floor, on some tarp, to the right, while my uncle lie along the space between the bed and the tea table. In the right corner, we had our own shower room complete with a door that swung to the right. Water was stored in a metal drum and a scooper would float on top of the water. There was probably some long groove in the ground to drain water to the ditch in the back of the hut. We had our own well to draw water from, Granny Luck really made it easy for themselves and then us. The "kitchen" consisted of a hole in the ground with three bricks. There was plenty of trees on the island to supply fuel for the kitchen. I drew the "range" deeper into the hut, but in reality it was much closer to the "wall" of the hut, in the foreground and not shown. I think there was a sheet of metal to keep the occasional long tongue of the flame from setting the wall on fire. There was a shelf against the right wall and is not shown in the picture. We probably kept kitchen stuff like pots and pans, ceramic bowls and plates, spoons, chopsticks, etc. I drew those things near the kitchen, as if they were ready for washing, but in reality they would be cleaned in the yard. The ground was just dirt and the walls, as well as the roof, were fronds, perhaps from the many coconuts trees on the island. Other than the metallic barrel (thùng phi) in the shower room to hold water and the nails to hold the furnitures together, we were living in the Wooden Age.
Prior to the Berhala hut, our home was a top-floor condo with indoor plumbing and electricity. The floor was tiled and the walls were solid. The kitchen, interestingly, used firewoods, too, so that part of our life wasn't too different from the refugee experience. It was a big change for the worse to go from the condo to the hut, but I still consider ourselves lucky. We didn't have to spend any money to get the hut. We got food from some relief agency periodically, but we still had to provide for other expenses. I think we got by mostly from the jewelries that my mother sold, one by one.
Without electricity, cell phone service, or iPod, how did I spend my days on Berhala Island? That is a topic for another drawing on another day.
09 February 2008
N.Wii.P.L.
I have been a regular user of public library ever since I found out about it. Living in Brooklyn, by default I frequent the local branches of the Brooklyn Public Library (BPL). When I started to work at home every week, I visit the library even more often, sometimes three times a week, if not to pick up reserved items then just to get out of the house for a while.
Since I started taking my Son to music class in Chinatown, I also go to the New York Public Library (NYPL) branches in the area. The materials available for borrowing are not too different from the BPL's. There are books, DVDs, VHS tapes, CDs, graphic novels, Wi-Fi Internet access, etc. just like in Brooklyn. The difference is that NYPL, I don't know since when, has console games. While it's true that NYPL has always had CD-ROMs for Windows PCs, I never had any interests in them. They are mostly kiddie games and, besides, I don't use PCs much at home unless I am working. But now that I have a Nintendo Wii, I am very interested in what the library has to offer.
The first time I saw console games in an NYPL branch it was in the Chatham Branch. Chatham is in the heart of Chinatown and is always crowded, so it was no surprise that there were only one Wii game available. There were some Xbox and Sega games, too. A few weeks later I visited the relatively new Mulberry Branch, further north near Houston Street. I picked up Super Mario Galaxy and The Bee Movie games, two being the limit per library card. Alas, when I tried to return the games, I picked up my own game, Mario and Sonic at the Olympic! Oh well, I will have to return it late on Monday. The good thing is I got the Hot Wheels Wii game. It is one of the games my Son wants, but I am pretty sure he would never get too far with the game. Borrowing from the library is the best way to go. Only if my Son gets really far with the library's copy will I buy the game.
Since I started taking my Son to music class in Chinatown, I also go to the New York Public Library (NYPL) branches in the area. The materials available for borrowing are not too different from the BPL's. There are books, DVDs, VHS tapes, CDs, graphic novels, Wi-Fi Internet access, etc. just like in Brooklyn. The difference is that NYPL, I don't know since when, has console games. While it's true that NYPL has always had CD-ROMs for Windows PCs, I never had any interests in them. They are mostly kiddie games and, besides, I don't use PCs much at home unless I am working. But now that I have a Nintendo Wii, I am very interested in what the library has to offer.
The first time I saw console games in an NYPL branch it was in the Chatham Branch. Chatham is in the heart of Chinatown and is always crowded, so it was no surprise that there were only one Wii game available. There were some Xbox and Sega games, too. A few weeks later I visited the relatively new Mulberry Branch, further north near Houston Street. I picked up Super Mario Galaxy and The Bee Movie games, two being the limit per library card. Alas, when I tried to return the games, I picked up my own game, Mario and Sonic at the Olympic! Oh well, I will have to return it late on Monday. The good thing is I got the Hot Wheels Wii game. It is one of the games my Son wants, but I am pretty sure he would never get too far with the game. Borrowing from the library is the best way to go. Only if my Son gets really far with the library's copy will I buy the game.
07 February 2008
tennai-denai-jutsu
Ever since I became a Naruto fan, I have thought of incorporating Naruto into one of my cartoon. No such cartoon has been made yet, but today I found an interesting store sign that I just had to snap. Right here in beautiful Bensonhurst, Brooklyn, there is a place where you can get your 1040 or 1099 tax form completed AND learn a new jutsu or two! I heard that the new tennai-denai-jutsu is pretty powerful and can make money grow on trees.In the Naruto universe, chakra is the life energy that can be used for almost anything, such as making illusion, creating clones of oneself, or transporting objects to another dimension! Personally, I am not that much interested in balancing my chakras. I much prefer collect it into a ball to throw at my opponent.
Of course, if you do a quick research in Wikipedia, you would learn that, outside of the Naruto universe, chakra is more popularly linked to holistic health. I am sure this is what the CPA offers here, in addition to ledger-balancing.
04 February 2008
All I Really Need To Know
...I Learned While Playing Yahoo!Games Daily Crosswords.
Well, it is far from the truth. I just couldn't help making reference to one of my favorite book, Robert Fulghum's All I Really Need To Know I Learned In Kindergarten. I did learn a few new things of late primarily from playing crosswords.
Well, it is far from the truth. I just couldn't help making reference to one of my favorite book, Robert Fulghum's All I Really Need To Know I Learned In Kindergarten. I did learn a few new things of late primarily from playing crosswords.
- Eero Saarinen was the architect responsible for the St. Louis Arch. Sure I was there twice and maybe even read his name on some plaque but now that it took me a few seconds to look him up in Wikipedia, the name will stick better in my memory. The clue wisely read Young Saarinen because Eero's father Eliel was the designer who influenced him in sculpture and furniture design. Eero, a name any crosswords makers must love. Chances are my sister in St. Louis knows all about him already.
- Eider is a type of seaduck. Supposedly, the quack is famous for its down (feather).
- A hasp is the metal plate, one end hinged, the other end usually rounded at the corners, and slotted in the middle for the thingamajig to pass through, through which a padlock's whatamacallit would then go through. The clue simply read padlock adjunct. I didn't solve it directly but rather through the connecting words. I had to look it up in the dictionary afterward.
- Ides, not to be thought of as the plural form of ide (whatever id is), is the middle of the month, in the Roman calendar, i.e. the 15th day for some month and some other day on shorter or longer months.
- for the nonce means for the time being. Never heard of that phrase before. Maybe I should go out more often. Of course, it could be just things that only happen in crosswords, such as some words in Scrabble. For the life of me, I can never fully understand the word qua or when to use it. I think the teachers in Snoopy movies say it all the time, usually five in a row.
03 February 2008
Yahoo!Games Daily Crosswords
It is interesting how one's opinion on a subject can be changed after one actually becomes more familiar with the subject. Some time ago when I was looking for software on the Mac to create crossword puzzles, in no time I came across online crosswords. I thought, "Why would anyone want to play crosswords online?" I thought of crosswords as something one do while waiting for the train or while commuting, just to while away the time. Usually you would not have a computer with you, so the idea of playing crosswords online just did not appeal to me.
Just a few weeks ago, the release of Flip Words 2 got me interested in computer word games all over again. At the end of the 60-minute demo, I wanted to play more word games. One game after another, I ended up at Yahoo!Games Daily Crosswords. It's just like your everyday newspaper puzzle that is not too hard. I play the standard level and the answers are just clicks away. Of course it is no fun if you use it too much, but there are times when, while doing the physical newspaper puzzle, I simply couldn't get it right. One disadvantage of not working in the office five days a week like most office grunts is that I don't get to pick up AM New York newspaper everyday. The Wife picks them up from time to time, but not always. Thus, a few times I would do most of the puzzle but simply did not know the very last answer because I would not have the next day's papers. With the online game, all that is history.
One thing I like about playing the daily game is that even if you are really hooked on it, there is only one game you can play per day. Getting hooked on other computer games may mean hours wasted trying to go past a certain level. Not so with the Yahoo! Daily Games. Of course, if I find myself waiting for the clock to strike midnight just to play a new game, then I will seek counseling right away...
Just a few weeks ago, the release of Flip Words 2 got me interested in computer word games all over again. At the end of the 60-minute demo, I wanted to play more word games. One game after another, I ended up at Yahoo!Games Daily Crosswords. It's just like your everyday newspaper puzzle that is not too hard. I play the standard level and the answers are just clicks away. Of course it is no fun if you use it too much, but there are times when, while doing the physical newspaper puzzle, I simply couldn't get it right. One disadvantage of not working in the office five days a week like most office grunts is that I don't get to pick up AM New York newspaper everyday. The Wife picks them up from time to time, but not always. Thus, a few times I would do most of the puzzle but simply did not know the very last answer because I would not have the next day's papers. With the online game, all that is history.
One thing I like about playing the daily game is that even if you are really hooked on it, there is only one game you can play per day. Getting hooked on other computer games may mean hours wasted trying to go past a certain level. Not so with the Yahoo! Daily Games. Of course, if I find myself waiting for the clock to strike midnight just to play a new game, then I will seek counseling right away...
Subscribe to:
Posts (Atom)
