Dec 14

Best file manager on Linux? Dolphin.

Need a powerful file manager on Linux?  Minimalism is so last decade.  Functionality is king and it needn’t look ugly either.  Look no further than Dolphin.  KDE’s file manager and it’s an absolute cracker of a file manager.  It’s nothing new as it’s been about a while.

My favourite feature, other than the split screen and integrated command line panel (so long as you install konsole as well as dolphin), is being able to pause multiple, individual in-flight IO operations.  This is great if you’re making multiple copies to a USB stick and want to queue up the individual copy requests so they’ll ultimately complete quicker.

It’s quite simply the best file manager I’ve ever seen.  All about functionality.

sudo apt-get install dolphin konsole

Dec 14

Notepad++ for Linux (Notepadqq)

Add yours and my favourite text editor (Notepad++) to your preferred Linux distribution (Linux Mint) using the following commands…

sudo add-apt-repository ppa:notepadqq-team/notepadqq
sudo apt-get update
sudo apt-get install notepadqq

Nov 28

Change Cisco MDS Admin password

Step 1 Use the show user-accounts command to verify that your user name has network-admin privileges.

switch# show user-account
this user account has no expiry date

Step 2 If your user name has network-admin privileges, issue the username command to assign a new administrator password.

switch# config t
switch(config)# username admin password <new password>
switch(config)# exit

Step 3 Save the software configuration.

switch# copy running-config startup-config
Full cisco documentation here (includes password recovery for lost passwords)
Nov 25

How to cable up VNX SP Ports (Dual Fabric topology)

So your VNX has two SP’s and you have two fabric switches.  You already know you have to connect each SP to each fabric for resilience, but you’re still a bit confused.  Fear not.  Use this as a guide.  It can be used no matter how many front-end port modules and SFP’s you have so that you get it right first time for all your designated Storage Ports, Mirrorview Ports, Sancopy Ports required for your project.  The FC Switch Ports you choose are not set in stone, but keep it the same on each side at least.

 What’s important is that the correct SP port, goes to the correct switch.

When you know you’ve got it right, you can get verify the WWN in Unisphere corresponds with the WWN logged in on the FLOGI database on the switch to check before you create the requisite fcaliases etc.


It’s much easier to build it right first time than sort it out afterwards.


Nov 07

Protect your Linux system by jailing your web browser

Your Linux system is inherently less vulnerable to attack than Microsoft Windows for a number of reasons.

  1. You’re less of a target to virus attack by being in the minority (Only 2.18% of people run Linux as their desktop operating system with most of those running a Debian derivative, the most popular being Linux Mint).
  2. You execute user processes as a non-privileged user (Remote code executing in your browser is not running in the context of a local Administrator account so has much less privileges to do potentially damaging things to your computer and data).
  3. Your Linux system is built entirely from packages obtained and installed from known, trusted repositories (No dodgy software downloaded from goodness-knows-where that may or may not be what you think it is.  The code of any given package undergoes constant scrutiny and improvements by the open source community.)
  4. There’s no marketing, advertising, ransom-ware or hidden agendas lurking in the operating system or the applications that are ultimately built by the people, for the people, and distributed to the people for free (feel the love).

Despite all these advantages, we live in the (dis)information age, and that means that the way to reach your users is through their web browsers.  So this next part should interest you.

…we live in the disinformation age, and that means the way to reach you is through your web browser.  So this next part should interest you.

How do I protect my web browser? (Firefox is the default web browser on Linux Mint -my OS and browser of choice)


  1. Enable the firewall (above)
  2. Once a new installation of Linux Mint is complete, I reboot, log on, Install all pending updates by typing sudo apt-get update && sudo apt-get dist-upgrade in a terminal window.
  3. Connect to my WiFi network, open Firefox and install the AdBlock Plus and uBlock Origin plugins.

And that’s it.  Or at least it has been until now, and in fairness it’s kept me safe since 2005.  I’ve never installed anti-virus software and never had a problem in over a decade.  AV products on Linux such as clam are usually for the benefit of Windows users on the same network or mail attachment scanning on Linux mail servers, neither of which is applicable in my home network environment.

Today though, I learned about something else.  The existence of firejail, -a program that “jails” certain other programs, and I really like what I see.

Like most Linux programs, it’s super quick to install with a quick sudo apt-get install firejail command in a terminal window and as easy to “use”.  In firejail’s case, you just edit the shortcuts of your existing launchers and pre-pend the command firejail

e.g. firefox %u becomes firejail firefox %u


By jailing the firefox process, it prevents the web browser from being able to access your system, quite literally.  Kind of like a firewall for processes rather than TCP/UDP ports, that only allows certain interactions with the rest of the operating system through.

For example, look what happens when trying to upload a picture I’ve saved to my Desktop to this very blog post…


The Desktop looks empty.  Nothing.  Blank.  No files or subfolders.  Yet my Desktop folder contains loads of images and other files and subfolders, as does my Pictures folder – same again, blank.  This is because firefox is jailed.  It can’t get out and into your filesystem.  Brilliant – and only a little inconvenient as it can still access my Downloads folder.  So if I want to upload a file, I just have a make a copy into my Downloads folder first using my File manager caja (which isn’t jailed).  Uploading to my Dropbox account using the web based interface would be a bit of a pain, but the Dropbox daemon running on my computer does all my file syncing anyway, so it doesn’t present a problem.  I don’t actually need to use Dropbox’ web interface.

This all works in accordance with the application profile in /etc/firejail/firefox.profile -there’s loads of them, not just for firefox but other internet/vulnerable programs like filezilla, transmission etc too.

Filezilla’s firejail profile on the other hand seems to be a lot more lenient and allows access to your home directory where you might wish to upload an entire folder structure to your web server.  You could always edit the filezilla.profile to harden it yourself I guess.

Whilst I found firejail in my repositories, I didn’t find the accompanying firetools package – a simple launcher that sits on your desktop.  It’s not really needed if you’ve edited your launchers to your favourite apps already and just allows you to add some additional programs to it and shows any running jailed processes if you’re interested in seeing that.  It places a convenient icon in your systray area too, for easy recall.





Oct 31

What groups am I a member of?

Need to know what groups you’re a member of in Active Directory, but don’t have access to AD Users and Groups management snap-in?  Try this command.  It may help to run cmd.exe as Administrator if that privilege is available to you, but may not be necessary.

gpresult /r

The output at the bottom will be something like this, along with any additional Global group names you’re a member of.


An alternative is whoami /groups which provides an output similar to this…


Note: whoami also works on Linux/UNIX systems.


Sep 07

Inject Everyone/Full Control ACE into NTFS Folder

Download SetACL.exe from here

Open a command line as Adminstrator (right click cmd.exe, run as admin)

setacl -on “C:\Private No Entry” -ot file -actn ace -ace “n:Everyone;p:full” -rec cont_obj -ignoreerr

The “Private No Entry” folder should now have Everyone, Full Control Permissions.


Jul 15

Install hevc codec for .mkv video on Linux Mint

Given how complete Linux Mint is out of the box, I’m surprised to have experienced this problem even after installing all extra codecs from the repositories after initial installation.

Upon attempting to play the latest .mkv episode of Silicon Valley, I received the following error in VLC Media Player.

“unable to decode hevc, there’s nothing you can do about this error”

Or words to that effect.  I’d include a screen-shot of the error but I’ve fixed it now, so am sharing the fix with you instead.  I’ll keep it succinct.

sudo apt-add-repository ppa:strukturag/libde265

sudo apt-get update

sudo apt-get install gstreamer0.10-libde265

sudo apt-get install gstreamer1.0-libde265

sudo apt-get install vlc-plugin-libde265

1 comment
Jun 22

RecoverPoint Journal LUN sizing

The Journal size is a question of the required protection window (a Business requirement) and the incoming write rate of the production application.  Whilst the Recovery Point Objective might be known, the incoming write rate of a newly deployed app may not be, making sizing of journal LUNs a bit “finger in the air”.  EMC provide a guideline value of 20% in this instance, but it has no real foundation.

The basic calculation is ( protection window in seconds * write rate in seconds ) / 0.7
The division by 0.7 is because roughly 70% of the journal is used for replication images.

For example, if the business requires 1 day of images and the average write rate by the application is 1MB/s you will need a minimum of about 125GB journal to support it.  RecoverPoint supports automatic journal LUN creation during configuration of a Consistency Group if you don’t have enough information to manually size the journal LUN up front.

During a recent deployment of RecoverPoint to support replication of LUNs to remote storage, solely for the purposes of failover, EMCs response was as follows.  Please note that in this scenario, there was no requirement for the “killer functionality” of RecoverPoint, namely point in time recovery using the journaled changes in Consistency Groups.  That’s not to say it won’t become a requirement later on however.

The Raid group in question would definitely be adequate to start replication, but whether it is enough to meet the business requirements, we cannot say.

Sizing aside, remember that it is very important to use a dedicated Storage Pool/RAID Group of physical disks that is entirely separate to ones used for your data LUNs and RecoverPoint Repository LUN.

Mar 07

Solaris Zones Essentials

Solaris Zones (aka Containers) are Solaris virtual machines (Non-Global Zones) running on an underlying Solaris host (The Global Zone), i.e.

-NON-GLOBAL ZONE-       -Can be a “Spars Root”, “Whole root”, or “Branded” zone.
—-GLOBAL ZONE—–       -The host OS
——HARDWARE——       -The “tin”

A NON-GLOBAL ZONE is a virtual machine and can be a “Spars Root”, “Whole root”, or “Branded” zone.
A SPARS ROOT ZONE shares parts of the GLOBAL zone (host’s) filesystem, usually in a read-only manner, i.e. if you patch the GLOBAL ZONE, you’ll patch the spars root zones too.
A WHOLE ROOT ZONE takes 100% copy of GLOBAL zone and is therefore 100% independent of it.
A BRANDED ROOT ZONE allows for an entirely different version of Solaris to be installed, and is also 100% independent and different to the GLOBAL zone running on the underlying hardware.


ifconfig      -List network cards and decide what ones you want to use for the non-global zone


zonecfg -z <zone-name>      -Configure system for new zone and write configuration file to /etc/zones/ on GLOBAL zone.
“No such zone configured, use create to create zone”
zonecfg:appserv3> create
zonecfg:appserv3> set zonepath=/zone2/appserver2
zonecfg:appserv3> add net
zonecfg:appserv3:net> set physical=el1000g0      -Use ifconfig to choose from list of NICs.
zonecfg:appserv3:net> set address=
zonecfg:appserv3:net> end
zonecfg:appserv3> info               -Lists all input settings, including names of settings not specified.
zonecfg:appserv3> verify            -Verify settings are viable
zonecfg:appserv3> commit        -Save changes to /etc/zones/<zone-name>.xml
zonecfg:appserv3> exit               -Exit zonecfg


zoneadm -z <zone name> install      -Install new zone.  Takes a while.


zoneadm list -cvi     -List info about zones installed on system.


zoneadm -z <zone-name> boot      -Boot new zone


login -z login -C -e [ <zone-name>      -Login to zone, Provide system info (C)onsole. Escap(e) character [
zlogin -C -e [ <zone-name>                   -Alternative login command.
“Console is already in use by PID ####” -kill -9 ####


It’s possible to get trapped in the zone if you select the wrong terminal type.

To overcome this, start another session to the GLOBAL zone, attempt to log back into the NON-GLOBAL zone
and it’ll tell you the PID of the session. Kill that session. kill -9 <PID>


zoneadm list -vci                                       -List all non-global zones
zoneadm -z <zone-name> halt              -Shut down the non-global zone
zoneadm -z <zone-name> uninstall     -Uninstall the non-global zone
zonecfg -z <zone-name> delete             -Delete the non-global zone