Can you spell cacophony?

No, not that sort of time machine (though I do happen to like the TARDIS, and the DeLorean and HG Wells’ as well, but that’s another conversation).

No, I’m talking about Time Machine, the backup-made-so-simple-any-idiot-can-do-it software that comes with Mac OS X (10.5 and above). I won’t bore you with the details of what it is and how it works, you could find that out for yourself if you are so inclined. Instead, I’ll share why I like it so much and few extra comments.

I’m not any idiot (as referred to above), but I am a particular kind of idiot. I know the importance of backups (having desperately needed one on a number of occasions) and usually manage to keep up a good routine. The key word there is “usually”. A backup that doesn’t happen every time it is supposed is only fractionally better than no backup at all.

Time Machine (when your Mac is attached to its backup drive) backs up every part of your system every hour. Without fail. When you combine that with a wireless network-connected Time Capsule you are on to a sure winner.

Here’s what I do: I have the Time Capsule at the hub of my network (connected to printers etc) and two Macs elsewhere in the house. They get their files backed up automatically to the 1TB hard drive. Right now the oldest backups on the drive are about 3 or 4 months old and these gradually get deleted as newer ones take up more space.

Once a month, I bring home another external USB drive (which lives in the safe at work). I attach it to one of the Macs and change the Time Machine preferences so the backup is made to the USB drive. Of course, the incremental backup takes a bit longer (not having been done for a month) but it is still relatively fast and very, very easy. Repeat the process on the other machine, switch the prefs back so that the Capsule is used again, take the drive back to work and we are done.

So what I have is a local network drive with almost complete backups on it and a spare backup off-site with backups no more than a month old. If we have a hard drive failure or a broken computer, then we restore from the local backup and lose nothing. If we get broken into or our house burns down and lose everything, then we’ve got years’ worth of data safe off site and we lose at most one month’s worth.

Yes, I could do this better. My data could be even more secure, but I think this method is an acceptable blend of security vs effort. And apart from my once-a-month secondary backup, it is as good as automatic.

So, I’ve just got two thoughts on Time Machine to leave you with:

1. This really is a killer app. Time Machine is a good enough reason on its own for you to get yourself a Mac. Seriously. I switched to Mac just before Leopard came out, but when I saw how Time Machine worked, I realised I would have swapped just for that. Setting up a computer for your parents or I-just-use-a-computer friends and co-workers? Get them to get a Mac and watch them never worry about backups.
2. Why on Earth has no one done anything this good for Windows or Linux? Time Machine is over 2 years old. It doesn’t usually take this long for the me-too programs to arrive. Does Apple hold some super-sensitive patent that is preventing anyone from doing it? Inquiring minds want to know.

And that’s it. Thanks Apple. Thanks Time Machine.

After the failure of a [JetDirect][1] server on one of [our][4] workgroup printers, I purchased a [NetGear PS101][2] mini print server to replace it. We have had joy with a similar D-link machine on another printer, so I was confident this would work.

It did work, but not without some fiddling around.

To start with, the server management software would not install on our Windows 2003 domain server. I didn’t chase down why because I didn’t want to have to use it anyway. It had something to do with the 16-bit subsystem. But it was a bad start.

Thanks to [this thread on the netgear forums][3] I was able to get things working to my satisfaction, and without having to use the print server software. Here’s the summary.

1. Discover the IP address the DHCP server had allocated to the print server, log into the web interface and then set a permanent IP address.
2. Go to Printers and Faxes and “add a new printer”. When asked for a port, create a new one.
3. Choose “standard tcp/ip port”
4. Set the IP address to the one you fixed.
5. Do not try to select a particular print server or network card, just use the “choose generic network card” option.
6. Finish creating the printer as normal.
7. Go to the properties of that printer, go to the Port tab and then select “port properties” of the port you created.
8. Set the protocol to LPR, make the queue name “L1″ and enable “LPR byte counting”.
9. It took me a while to realise this, but I needed to reset the printer before continuing. Check the status page of the online management and if you see “offline” or something similar then a reset will probably solve that problem.

This took far too long to sort out today. When I installed the D-link earlier this year it only took minutes. But it is working now and is likely to stay that way. Good.

[1]: http://www.hp.com/go/jetdirect
[2]: http://www.netgear.com/Products/PrintServers/WiredPrintServers/PS101.aspx
[3]: http://forum1.netgear.com/showthread.php?t=2746
[4]: http://wonguthacaps.wa.edu.au

I switched to a Mac late last year (traded a Powerbook for a Compaq Presario) and immediately started being jealous of all the owners of newer Macs with their intel chips. Specifially, I wanted VMware fusion so that I could run those select few windows apps I have yet to find reasonable mac substitutes for.

So when I bought a new MacBook Pro recently, I made sure I got a copy of Fusion at the same time. It works as advertised and has been very useful.

Unfortunately, I decided to use my Boot Camp partition as my Windows VM, which was a bad choice as far as convenience is concerned. It is not possible to “suspend” the VM, so starting up Fusion to quickly run Solitaire is not all that simple… It has to wait for Windows to boot.

Today I decided to start a new virtual machine, and it has made a great difference. After suspending the machine before closing Fusion, starting Solitaire from its dock icon takes less than 10 seconds. That’s not much more than a native app.

OK, here’s to the point of this post… I don’t use the dock much. According to all the help docs I could find, when a windows app is running in Unity mode, its icon shows up on the dock. Ctrl-click and then choose “keep in dock” and you have your shortcut. That’s great if you use the dock. I don’t as a rule. I use Quicksilver normally and sometimes just Finder.

So here is my solution:

1. Have a look in the Finder for your VM. Normally it will be in ~/Documents/Virtual Machines. Ctrl-Click and “show package contents”.
2. See there… a folder called Applications! As far as I can see, that contains links for all the programs you have previously run in Unity mode.
3. Go to Quicksilver preferences. Under catalogue, add your VM directory. In my case it was “~/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm”.
4. Wait for a rescan and away you go. (If an app isn’t in the catalogue, run it at least once manually: either from the VMware dock icon or menu bar).
6. Alternatively, you could just find the shortcut in the directory above and create an alias somewhere useful (eg Desktop).

I am looking forward to having much more convenient access to all my (fortunately few) indispensible Windows apps. (there’s a topic for another post)

At Wongutha CAPS, where I am the sysadmin-by-default, our accounts people use Quickbooks 2002.

At the end of last year, we upgraded our network to a whole bunch of lovely new desktops and a super-duper Windows 2003 server (replacing our old NT4 server). Thanks to Google search and Microsoft TechNet I have been able to come somewhat to grips with Active Directory and even managed to set up a few useful Group Policies.

I have also managed to set up appropriate levels of access for most of the users, so that we haven’t simply had students with low level access and almost all the staff as administrators!

Unfortunately, Quickbooks managed to throw me a curly one in the form of this error:

User Access Rights Problem: Your user account for Windows was created with restricted access to system resources. This will prevent Quickbooks from operating properly. Please contact your system administrator and ask him or her to grant you standard user rights.

I searched high and low for a solution to this problem without joy. Eventually, when pushed by higher priority jobs, I just made all the users of Quickbooks administrators (against my better judgement…) and left it for later.

Later came, and I order a trial version of QB 2007, which I hoped might have solved this problem.

It didn’t. Back to the google drawing board.

I did find a fairly convoluted hack that involved making a QuickBooksUser group, and changing permissions on certain directories and registry keys to allow this group full access. I couldn’t get it to work with group policy, and it just seemed a bit unreliable.

So. I thought outside the box for a minute (which is very much against my normal nature ) and came up with this partial solution: I created the QuickBooksUser group as above, but rather than try to fiddle all the keys and directories, I simply made that group a member of the local (NB: Local, not domain or global) administrators group on the boxes that had quickbooks installed, like this:

In control panel, go to User Accounts, and then select the Advanced tab, and click the Advanced button. This brings up the “Local Users and Groups” dialogue. On the right, open Groups, and then double-click on Administrators. You can then click “Add” and type in QuickBooksUsers and OK all the way…

So to describe this another way: All the users who need to use Quick Books, when they log on to one of the computers that has it installed, are made into Administrators while on that computer ONLY. Yes, this is a security flaw in that I have given them permissions that they need not have. However, they are limited to doing bad things on that computer only.

So I feel I have limited the risks, while still allowing necessary use of an important program, without giving them full domain admin rights.

In other news: this has solved another problem that I have had. Many staff members have their own notebook computers. By me not giving them full administrator privileges, they are limited in their ability to install programs, run certain programs and generally managed their own PCs (all of which are used for personal as well as school business).

My existing solution has been to set them up a local account on their computer, give it admin rights, and teach them how to use the “run as” command. Worked sometimes, but not a seamless solution.

This new trick works perfectly well for this too… Just search for the individual user whose computer it is, and add them to the Administrators group. And there you go, they can trash their own computer to their heart’s content, without me putting the whole domain at risk!