Dear Readers,

I’m sorry to have to interrupt the fascinating accounts of my summer holidays, but I feel it is my beholden duty to recount my sorry encounter with the fucking dimwits at VirginMedia Broadband.

Having driven back home from Gloucester in a respectable 5 hours, 19 minutes and 35 seconds, I was looking forward to rejoining the 21st century and connecting to the internet at a speed rather faster than the 9 kbps on offer at The Premier Inn just outside Gloucester. But no, VMB had decided to have a massive network failure. My cable modem was not providing me with an external IP address and after having tried all the usual methods open to an IT professional such as myself, blessed with excellent deductive reasoning powers and skilled problem solving abilities – e.g. switching everything off and on again – it was clear that I could not connect to the internet. I resorted to the last refuge of the desperate – I called VMB helpdesk – this was my first mistake.

Having pressed enough random keys on my telephone to direct their help system and provide me with a good stab at this week’s lottery numbers, I heard an automated voice recount there was a problem in Edinburgh. I should have put the phone down at this point. Stupidly I thought I would confirm the problem with a human being and ask when it might be resolved. This was my second mistake.

The voice on the other end was distinctly sub-continental. I provided my account name and details, and was told there was no problem in my area. This was in direct contradiction to the recorded message I had just listened to and the facts. Why else would I be calling?

I had previously switched everything off and on. This saved myself and the script reader at the end of the phone 10 minutes of dithering and the first 3 pages of his script. He asked me whether I was connected to my wireless router? I told him that I was connected on a wired connection to my wired router with my netbook. He asked me to open Internet Explorer. WTF? Who the fuck uses IE?

I told him that I’m in IT, I know what I’m talking about and that I don’t use IE. I told him that I use Linux as it’s better in just about every way. This was my third mistake. No sooner were the words out of my mouth than I regretted uttering them. I knew what he would say next. I WAS RIGHT.

“I’m sorry Sir, VirginMedia does not support Linux.”

“You don’t have to support Linux, the operating system at my end does not matter, you have to provide me with an IP address and a connection so that I can reach the internet.”

“I can’t help you Sir.”

“Would you like me to connect a Mac to your cable modem?”

“Yes Sir, we support Macs.” In other words you have a script for handling Macs.

So after 20 minutes of restarting the cable modem, the Mac, releasing and renewing DHCP leases I was still not getting out.

I asked for an engineer to come out and see what the issue was with their cable modem and to bring a replacement.

“I’m sorry Sir, the problem is at your end, we have no reports of faults in your area and your cable modem is responding and functioning correctly. I cannot send you an engineer or a new modem.”

At this point I lost it.

I told him again what I had done. I told him again that I worked in IT. I told him again that I was not getting an IP address. He offered not one bit of help, even when I threatened to remove my business elsewhere. Nothing. I demanded to speak to his manager.

She too was located in the sub-continent and was reading a script. I gave up. Miraculously I did not swear in the entire 1 hour 20 minutes I was on the phone to these two idiots.

I checked the service status on VM’s site, using the only connected device I had available, my BB’s browser. Sure enough, Edinburgh was hit by a severe outage, which had started yesterday and would not be fixed until this evening, some 20 hours since first reported. Clearly the dotard script-readers at the other end of the world, had not been told that, despite the fact they could see my cable modem. I gave up again.

I switched everything off and on again and went off to clean my flat.

Four hours later, I was back on line. So bang goes their “No fault” theory.

So if the bearded one is listening, here Mr. Branson are some pointers:

1. Move the call centre back to the UK.
2. Make sure that if one part of your organisation knows there is a fault please tell the all the rest, even if they are on the sub-continent.
3. Provide the script readers with Linux skills. It will help them with Windows.
4. Try and employ people who can think outside the box, even if they have to work in one.
5. Take a shave.

What a great treat to come back home to! Fuckers.

I’m enjoying the sight of a squirming Apple, as they vainly try to limit the damage to their brand and the iPhone. Holding the iPhone 4 “in the wrong way” and thereby causing it to drop calls is according to Steve Jobs,

“Not unique to the iPhone 4.”

BOLLOX!

I’ve never had to hold a Nokia, a Sony or an Ericsson in a special way or with my “Apple Approved iCase” to get my device to work as it should.

Live by marketing – die by marketing (or liver failure…)

Stephen Fry is back on Twitter….

Are you havin’ a laugh?

iPad prices….

16GB, wi-fi only – £429 inc vat
32GB, wi-fi only – £499 inc vat
64GB, wi-fi only – £599 inc vat
16GB, wi-fi/3G – £529 inc vat
32GB, wi-fi/3G – £599 inc vat
64GB, wi-fi/3G – £699 inc vat

I’ll stick with my HP netbook and iPod Touch. The price I paid for both is still less than the 4 most expensive iPads and at least one of my devices can run flash.

I’ve just upgraded both my ThinkPad T43p and my HP workstation to the latest version of Ubuntu, 10.04 LTS – “Lucid Lynx.” First to upgrade was the HP box in my bedroom and this was accomplished while running the synaptic updater and watching an episode of 24 in Xine. Try that in Windows.

A restart later and I was into the new version and I noticed a huge speed increase! Canonical must really have tightened the code on many packages, it was supremely fast.

The new default theme was pleasant also, having clearly moved away from the orange and brown look of previous versions. After mucking about I was looking at this, which is about as Mac OS X-lilke as you can get wihtout actually running a Mac. This was actually too Mac-like for me and I’ve reverted to a more toned down appearance.

The only minor flaw in the entire upgrade process was that Ubuntu have moved each window’s buttons to the left hand side rather than the right where every Linux and Windows user expects them to be. The left is another Mac’ism. This command reverts the buttons to their more familiar location.

gconftool-2 –set /apps/metacity/general/button_layout –type string “:minimize,maximize,close,”

Encouraged by the smoothness of the upgrade at home, I applied it to my ThinkPad, used for work. There were some initial glitches with Compiz and a couple of weird screen redraws but this settled down after a reboot, a manual apt-get update/ugrade which also resolved a Wine 1.2 clash with a Wine 1.0.

One final piece of good news, the 2.2.6.7 version  of the NCPFS connects correctly to my work NetWare servers with an NCP mount command like this:

ncpmount -S it -A it.leith.co.uk -U davidwatson.it.group -u davidw /mnt/it

The previous version had a bug which meant that you had to remember to uncheck the update so as to retain the package two versions back. All is good.

This weekend I’ll upgrade the netbook with the UNR version.

My local MP – Mark Larazowicz voted against the idiotic Digital Economy Bill in the pre-election wash up session. To be honest he was probably going to get my vote in any event, but I now feel vindicated and justified.

Well done Mark!

After quite a lot of internet research today, this is probably the most efficient and reliable way to lock SFTP users to their home directories using Linux and specifically Ubuntu Server 9.10 and OpenSSH 5.1.

Let’s assuming you have Open SSH installed and running, as well as that most helpful admin tool, webmin, although of course an SSH connection to the server will do just as well.

The first step is to amend your SSH demon’s config to use the internal sftp mode. Use your favourite text editor or the edit config option in webmin to rem the first line and add the second.

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

You are best to create users from scratch if you want to provide them with only sftp access to their own directory. This is because you want/need to make the users accounts system accounts rather than ordinary accounts. The difference being that system accounts are used for processes and demons and have no file access privileges so as to provide a more secure OS. The following steps will create users who can only connect via sftp and only have rights to the directory you specify.

sudo mkdir /home/username
sudo useradd username

Note you have used “useradd” and not the more familiar “adduser.” The former is more low level and does not automatically create home directories and full details.

As SFTP uses the SSH demon, we need to set the user’s home directory to be owned by root, that the group ID is the same as the user name and the root alone has write permissions. The last line forces the default home directory.

sudo chown root:username /home/username
sudo chmod 755 /home/username
sudo usermod -d /home/username username

Give the user a password if you have not already done so and lock them down further by prohibiting any form of shell access:

sudo passwd username
sudo usermod -s /bin/false username

You can conduct both these steps in the user section of webmin if you are more comfortable there.

So let’s recap, we have set up the server and user as follows:

• Amended your OpenSSH server to use internal SFTP
• Created a user and given him a password and a forced home directory
• Set the home directory to be owned by root and in a group with the user’s name
• Made root the only user with rights
• Prevented the user having shell access

We now need to configure the OpenSSH server to work specifically with the new user and their directory.

Edit /etc/ssh/sshd_config in a text editor or webmin and include the following lines at the end of the file:

Match User username
ChrootDirectory /home/username
ForceCommand internal-sftp

This locks the user to his home directory as specified above and forces him to use the internal sftp commands. You could add lines to block TCP forwarding and prevent X sessions.

X11Forwarding no
AllowTcpForwarding no

As an aside, you can chroot a group of users to their home directory by adding these lines to your config file.

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Back to our single user example. You’ll remember that up til now we have only provided him with 755 (read) access through the group with his name. If we create a sub-directory in his home directory we can give him full rights.

sudo mkdir /home/username/folder
sudo chown johndoe:johndoe /home/username/folder
sudo chmod 755 /home/username/folder

Finally restart your SSH server in webmin or at CLI

sudo /etc/init.d/ssh restart

Test file rights and scope of access through a terminal session, putty or Tunnelier if you happen to have to use windows.

No not the wrong time of the month, but my new favourite app for the iPod Touch / iPhone. This has simply compelling gameplay and is highly addictive. It’s the best 59p I’ve ever spend. If you have an iPod Touch or iPhone do yourself a favour and get it.

The premise is you are the birds and you have to avenge the green pigs who stole your eggs. You do this by launching yourself kamikaze style at houses containing the pigs. There are loads of levels and once you have worked through them you can revisit them trying to score perfect points and be awarded three stars.

I’m addicted at this perfect mix of mindful destruction and puzzle solving.