F11 and F12 over serial

I always seem to forget this one.

To pass F11 or F12 over a serial connection (either real serial or Serial-over-LAN IPMI), it’s Escape followed by ! (Shift+1) or @ (Shift+') respectively.

Note that on a US keyboard ! and @ would be next to each other above the 1 and 2 keys so that would make some vague kind of sense as alternatives to F11 and F12. But it’s literally the @ that matters and since I’m using a UK keyboard then it is Shift+'.

(╯°□°)╯︵ ┻━┻)

Fun with Supermicro motherboard serial headers

or, “LOL, standards”

TL;DR: Most motherboards have a serial header in an IDC-10 (5×2 pins) arrangement with the pins as a row of even numbered pins (2,4,6,8,X) followed by a row of odd numbered pins (1,3,5,7,9). Supermicro ones appear to have the pins in sequential order (6,7,8,9,X and then 1,2,3,4,5). As a result a standard IDC-10 to DB-9 cable will not work and you’ll need to either hack one about or buy the Supermicro one.

Update

A comment below kindly points out that Supermicro actually is using a standard header pinout, it’s just that it’s a competing and lesser-used standard. It’s apparently called Intel/DTK or crossover, so that may help you find a working cable.

Are we sitting comfortably?

I bought a Supermicro motherboard. It doesn’t have a serial port exposed at the back. I like to use serial ports for a serial console even though I am aware that IPMI exists. IPMI on this board works okay but I like knowing I can always get to the “real” serial port as well.

The motherboard has a COM1 serial header, and I wasn’t using the PCI expansion slot on the back of the chassis, so I decided to put a serial port there. I bought a typical IDC-10 / DB-9 cable and plate:

IDC-10 to DB-9

Didn’t work. Serial-over-LAN (IPMI) worked alright. On COM1 I would get either nothing or a run of garbage characters from time to time. I wasted a good number of hours messing with BIOS settings, baud rates, checking if my USB serial adaptor actually worked with another device (of which I only have one in my home), before I decided to sit down and check the pin numbering for both the header and the cable.

Looking at the motherboard manual we see this:

x10sdv board com1 pin layout

And the cable?

IDC-10 to DB-9 pinout

Notice anything amiss?

The cable’s pins go in a row of even numbers and then a row of odd numbers:

2 4 6 8 X
1 3 5 7 9
    -

The X is the missing pin (serial uses 9 pins) and the - indicates where the notch for the connector would be: next to pin 5 in this case.

The header’s pins go in sequential order:

6 7 8 9 X
1 2 3 4 5
    -

As a result all but pin 1 are incorrect.

You actually need a Supermicro cable for this. CBL-0010L is the part number in my case; CBL-0010LP would be the low-profile version. Good luck finding it mentioned on Supermicro’s site, but your favourite reseller will probably know of it. As it was I found one on eBay for £1.58+VAT, and it works now.

After knowing what to search for I also found someone else having a similar issue with a Supermicro board.

You could of course instead hack any existing cable’s pins about or fit an adaptor in between (as the person in the above link did).

Thanks Supermicro. Thupermicro.

OneRNG kickstarter arrived!

My OneRNG kickstarter arrived today. I had five units, so I chose three external models and two internal ones. The finish of the external model isn’t really up to the quality of an Entropy Key. Here’s a picture of them together.

OneRNG external and Entropy Key

Given that the external model looks rather flimsy — I could imagine it getting snapped in half if someone bumped into it — I think I’d probably prefer the internal model in practice. Here’s what that looks like:

OneRNG Internal

The three different connectors are to try to ensure you can find a useful connection angle no matter how your motherboard’s internal USB headers are laid out.

I haven’t yet plugged them in to check out how they work. This is probably going to have to wait a few weeks as I have quite a lot on.

Assuming they work about as well as the Entropy Keys then I only need to keep two of these for myself, so if anyone wants one I would be willing to sell it on to you at cost plus postage.

Currently not possible

On Thursday 9th, after weeks of low-level frustration at having to press “close” on every login, I sent a complaint to Barclays asking them to stop asking me on every single login to switch to paperless statements with a dialog box that has only two options:

Switch to paperless statements

This morning they replied:

Please be advised that it is currently not possible for us to remove the switch to paperless statements advert.

So, uh, I suppose if you’re a web developer who thinks that it’s acceptable to ask a question on every login and not supply any means for the user to say, “stop asking me this question”, there is still a job for you in the banking industry. No one there will at any point tell you that this is awful user experience. They will probably just tell you, “good job”, from their jacuzzi full of cash that they got from charging people £5.80 a month to have a bank account, of which £0.30 is for posting a bank statement.

Meanwhile, on another part of their site, I attempt to tell them to send me letters by email not post, but the web site does not allow me to because it thinks I do not have an email address set. Even though the same screen shows my set email address which has been set for years.

Go home Barclays, you're drunk

After light mocking on Twitter they asked me to try using a different browser, before completely misunderstanding what I was talking about, at which point I gave up.

“My IP is blocked by a repressive regime, can I have a different one?”

I asked this question on Twitter yesterday and got a wider range of responses than I expected, although from a limited number of people. So I wondered what others would think.

Say you sell virtual machines and a customer says:

My service allows journalists and others inside repressive regimes to get their stories out. My IP address is being blocked by one of these repressive regimes. Can you switch it for another one?

Would you grant that request?

Assume you have never heard of their service or anyone that uses it, have no independent verification of whether what they are saying is true, and haven’t yet looked for any.

Responses so far could roughly be grouped as:

  • 2x “Yes; it’s a reasonable request and other networks’ policies are their own business”
  • 2x “Yes; once, but check it’s not some global spam blacklisting issue”
  • 3x “Yes; but charge them for your time each time they ask for this”
  • 2x “No; you’ll end up with all your IPs blocked, which may affect other customers”
  • 1x “No; tell them to use a cloud with a constantly-changing IP address” (involves me losing the customer)

What would you do?

Scanning for open recursive DNS resolvers

A few days ago we unfortunately had some abuse reports regarding customers with DNS resolvers being abused in order to participate in a distributed denial of service attack.

Amongst other issues, DNS servers which are misconfigured to allow arbitrary hosts to do recursive queries through them can be used by attackers to direct an amplified attack at a forged (spoofed) source address.

I try to scan our address space reasonably often but I must admit I hadn’t done so for some time. I kicked off another scan and found one more customer with a misconfigured resolver, which has since been fixed.

After mentioning that I would do a scan I was asked how I do that.

I use a Perl script I’ve hacked together over the last couple of years. I took a few minutes to tidy it up and add a small amount of documentation (run it with --man to read that), so here it is in case anyone finds it useful:

Update: This code has now been moved to GitHub. If you have any comments, problems or improvements please do submit them as an issue and I will get to it much quicker. The gist below is now out of date so please don’t use it.

Using the default 100 concurrent queries it scans a /21 in about 80 seconds (YMMV depending upon how many hosts you have that firewall 53/UDP). That scales sort of linearly with how many you do, so using -q 200 for example will cut that down to about 40 seconds. It’s only a select loop though so it’ll use more CPU if you do that.

Two things I’ve noticed since:

  • It doesn’t handle failing to create a socket with bgsend, so for example if you run up against your limit of file descriptors (commonly ~1024 on Linux) the whole thing will get stuck at 100% CPU.
  • One person reported a similar situation (bgsend fails, stuck at 100% CPU) when they allowed it to try to send to a broadcast address. I haven’t been able to replicate that one yet.
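For anyone who wants to see what the scan actually checks, here is an added example written for this post, not the Perl script it links to: a single open-recursion probe using only Python’s standard library. It sends a query with RD (recursion desired) set for a name the target should not be authoritative for, then reads the reply header; RA (recursion available) together with NOERROR and a non-empty answer section means the server recursed on our behalf. PROBE_NAME, the constructed sample replies and the verdict strings are my own choices, and the socket is closed on every path so a sweep cannot run out of file descriptors the way the bgsend failure above does.

```python
"""Open-recursion check for a DNS server, using only the standard library.

Added example, not the Perl script the post links to. It sends a query with
RD (recursion desired) set for a name the target should not be authoritative
for, then reads the reply header: RA (recursion available) set together with
NOERROR and a non-empty answer section means the server recursed for us.
PROBE_NAME and the sample replies are constructed for illustration.
"""
import ipaddress
import os
import socket
import struct
from typing import Dict, Optional

PROBE_NAME = "www.example.com"  # constructed; use a name you control in practice


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Wire-format DNS query for `name`: header with RD=1, one question (IN)."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_flags(reply: bytes, expected_txid: int) -> Dict[str, int]:
    """Decode the reply header fields the check depends on."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    return {
        "qr": (flags >> 15) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0x0F,
        "ancount": an,
    }


def classify(f: Dict[str, int]) -> str:
    """Turn header fields into a verdict for the scanned host."""
    if not f["qr"]:
        return "not-a-reply"
    if f["rcode"] == 5:            # REFUSED: recursion is correctly restricted
        return "refused"
    if f["ra"] and f["rcode"] == 0 and f["ancount"] > 0:
        return "open-recursive"    # it resolved a foreign name for us
    return "inconclusive"          # e.g. SERVFAIL, or RA set but no answer


def probe(addr: str, port: int = 53, timeout: float = 2.0) -> str:
    """Send one probe to `addr`. The socket is closed on every path, so a
    sweep never leaks descriptors (the hang the post describes with bgsend)."""
    txid = int.from_bytes(os.urandom(2), "big")
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(PROBE_NAME, txid=txid), (addr, port))
            reply, _ = s.recvfrom(4096)
        except (socket.timeout, OSError):
            return "no-reply"      # filtered 53/UDP, host down, or no DNS
    try:
        return classify(parse_flags(reply, txid))
    except ValueError:
        return "malformed"


def scan(cidr: str) -> Dict[str, str]:
    """Probe every host address in `cidr`; .hosts() skips the network and
    broadcast addresses, which the post's second bullet found problematic."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {str(ip): probe(str(ip)) for ip in net.hosts()}


def _sample_reply(txid: int, flags: int, ancount: int) -> bytes:
    """Constructed reply (not captured traffic) for offline checks: echoes the
    question and appends `ancount` A records pointing at 192.0.2.1."""
    question = build_query(PROBE_NAME, txid=txid)[12:]
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + question + rr * ancount


if __name__ == "__main__":
    import sys
    for host, verdict in scan(sys.argv[1]).items():
        if verdict == "open-recursive":
            print(host, verdict)
```

Run it as `python3 probe.py 192.0.2.0/24` (an address range you are responsible for). It probes hosts one at a time, so it is much slower than the 100-way concurrent select loop above; "inconclusive" hosts are worth a manual follow-up with dig before you decide they are fine.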

Strategies for talking to Labour MPs about the draft Communications Data Bill

Dear Lazyweb,

I’m thinking of having a conversation, face-to-face, with my MP about the draft Communications Data Bill. I’ve already done some research on the logical and moral reasons why the bill is a terrible idea. I feel pretty confident in how I can articulate those points.

My MP is a Labour MP though, so I am wondering what additional points I can bring up that will appeal to the Labour party. I’m hoping that those of you who aren’t going to write to or visit your MPs would instead be willing to lazyweb me some advice.

Most obviously there is the fact that Labour is in opposition so anything they can say to criticise the coalition government is a good thing for them.

On that score, we have the following ace in the sleeve:

Labour have subjected Britain’s historic freedoms to unprecedented attack. They have trampled on liberties and, in their place, compiled huge databases to track the activities of millions of perfectly innocent people, giving public bodies extraordinary powers to intervene in the way we live our lives. The impact of this has been profound and far-reaching. Trust has been replaced by suspicion. The database state is a poor substitute for the human judgement essential to the delivery of public services. Worse than that, it gives people false comfort that an infallible central state is looking after their best interests. But the many scandals of lost data, leaked documents and database failures have put millions at risk. It is time for a new approach to protecting our liberty…

– David Cameron, “Invitation to Join the Government of Great Britain”, 2010

The problem I can foresee is, what if my MP points out that the bill is almost identical to the one Labour tried to introduce in 2008/2009 and therefore is something that she is broadly in favour of?

If this does happen then I could possibly try the angle that although Labour did investigate it, they found it had too much public opposition and was technically infeasible at a sensible cost. In effect I could try to spin this as a further attack point on the coalition that despite a past government having already spent time and money on this and getting an answer the coalition doesn’t like, they are going to do it all over again. If anything in an age when we have even less money and time to be spending on it.

I think my MP is a fan of Harriet Harman. Has Harriet Harman yet said anything that would indicate opposition of the CDB in all its past incarnations? What was Ms Harman’s stance on the CDB when Labour were proposing it? Give me links, people.

Any more ideas why Labour should get their hate on?

(If my MP is reading this, no disrespect is intended and I’m fully glad that you are able to read this without having to snarf it off of a black box on my ISP’s network! I look forward to having a chat with you about it.)

Update:

Just after writing this I contacted my MP’s secretary and asked for details of her surgeries. I was emailed back and asked if I would instead like to speak to her on the phone.

I was disappointed at not being offered a face to face meeting, but not wanting to appear to be a nutter I agreed to this and a call was scheduled for 2.30pm on Friday 6th July.

Depending on how it goes I may still try to have a follow up meeting. Whatever the case I will put all my concerns in writing anyway.

Update Friday 6th July:

It got to 3pm and I hadn’t had the call I was promised, so I emailed the MP’s secretary again to ask if it was still happening. The secretary replied immediately that she was sorry and would text my MP to find out what had happened.

Shortly afterwards I received a phone call from my MP, who was obviously in her car, apologising. She said that she had hoped to speak to me between meetings but was now having to rush to another and wouldn’t be able to, and asked if we could re-schedule the call for Monday 9th July.

I have agreed to that.

Update Monday 9th July:

Our phone call had been arranged for 11.30 today. By 12.30 I hadn’t received a call, so I emailed the MP’s secretary again to ask if it was still happening. As of 2pm I’ve received no response and I’m not available on the phone for the rest of today.

I’m rather disappointed that it seems to be so difficult to speak to my MP about this important piece of proposed legislation. I suspect, as my first query about surgeries was turned into a suggestion of a phone call, that my MP doesn’t hold surgeries (I can find no details of any surgeries she may have held). I haven’t got infinite time to spend on this and am considering just putting my views in writing and calling an end to it.
Update Tuesday 10th July:

I received an email reply this morning from my MP’s secretary saying that she (the secretary) had not been working the day before so had not seen my email querying the lack of phone call. She asked me to confirm if a phone call had taken place. I replied that it had not taken place.

Around 5.45pm someone else from my MP’s office emailed me to ask if I was able to take a phone call on Friday (13th). No explanation of why the previously arranged call hadn’t happened.

I’m unsure at this point whether to suck it up and agree to reschedule the call, or whether to give up. If this were anyone in my personal or professional life I would have given up on them by now. But that doesn’t help anyone does it, and leaves me open to the criticism that I just didn’t try hard enough.

Update Wednesday 11th July:

Yesterday I was rather frustrated by the whole thing, but after a night’s sleep I’ve had a chance to calm down and I’ve decided that in the interests of getting my point across I will swallow my pride.

I’ve again asked if a face to face conversation at a surgery is possible (because I think this is a complicated subject that isn’t best discussed on the phone), but if not then I’ve agreed to reschedule the call for Friday.

Around 09:45 I received a phone call from Mary Jo (secretary) who apologised unreservedly for how I had been treated and promised to sort it out today. I’m now glad that I didn’t lose my temper yesterday.

It’s since been arranged that I will have a face to face meeting with my MP on Friday 13th, so that’s great news.

Update Friday 13th July:

I think the meeting today went well. Ms Malhotra gave me plenty of time to discuss my concerns, seemed to genuinely take many of them on board and offered me some very useful advice for how I might like to take things further. She apologised for the initial problems I’d had in getting to speak to her. Overall I’m very glad that I persevered with this.

Of course there is much more to do, but making my views known to my MP was a necessary step.

CentOS 6 in a chroot

When fiddling with CentOS 6.x in a chroot:

  • If your host architecture is x86_64 but your chroot architecture is i686 then you’ll find that yum update will try to install lots of x86_64 packages, and then fail. That’s because the arch command still returns “x86_64”. You’ll want to use setarch:
    # arch
    x86_64
    # setarch i386 /bin/bash
    # arch
    i686
    #
    
  • You’ll need to make sure you have a useful /proc as otherwise yum won’t be able to work out how much free disk space there is and will refuse to proceed. Bind mounting is probably easiest:
    $ sudo mount --bind /proc /srv/your/chroot/proc
    
  • You might find that things you install aren’t labelled correctly for SELinux. If this is a virtual machine then you can force it to relabel on boot:
    $ sudo touch /srv/your/chroot/.autorelabel

    fixfiles may also work, but I haven’t tried that.

Thanks to Alex for the setarch tip which I had not come across before.

Domain name as hostname not recommended

I had an interesting support ticket yesterday.

Someone was trying to do an apt-get update via BitFolk’s apt cache and was ending up connecting to 2607:f0d0:1003:85::c40a:2942, where it was failing to update. This is not a BitFolk IPv6 address, nor is it the IPv6 address of a Debian mirror. Where was it coming from?

I’d asked the customer for the contents of a bunch of config files and output of the dig command, and while I was waiting for that I mentioned the problem on IRC, where Graham said:

<gdb> $ dig -t aaaa +short apt-cacher.com.net
<gdb> 2a00:1c10:3:634::3486:75a0
<gdb> 2607:f0d0:1003:85::c40a:2942
<grifferz> interesting
<gdb> Same for apt-cacher.bitfolk.com.net
<grifferz> so he's probably got some search line in
           his resolv.conf
<gdb> I would ask what the search line is
<grifferz> r
<grifferz> search lines always good entertainment for
           those times when wtf moments are scarce
<gdb> Actually it's possible that the hostname is
      foo.net and there's no search line.

It seems that the enterprising folks at com.net have put in wildcard A and AAAA records which basically means that if you try to resolve *.com.net you end up at their “search portal”. That’s all web-based of course.

The customer didn’t have a search line, but the issue was that their host had a fully-qualified domain name (FQDN) along the lines of example.net.

This meant that according to default resolver settings it considered itself to be inside the domain net, and when searching for hosts (like apt-cacher.bitfolk.com) it would try to find them with .net appended first.

Massively confusing.

It can be fixed by giving the resolver libraries a hint as to which domain you are actually in, in the /etc/resolv.conf:

domain example.net
nameserver 192.168.1.2
nameserver 192.168.1.3

Having said that, it’s better not to pick your domain as the FQDN for any host and this is just one of the weird issues I have seen.
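To make the mechanism concrete, here is an added example (my own code, not anything from the post or BitFolk) that reproduces how a stub resolver derives its search domain and expands names, following resolv.conf(5): with no domain or search line the search domain is the local hostname minus its first label, and a name with at least ndots dots (default 1) is tried as an absolute name first and with each search domain appended afterwards, while a shorter name gets the search domains first. The hostnames and resolv.conf contents are constructed; the check at the end flags exactly the case above, a search domain that is a bare TLD.

```python
"""Added example (not from the original post): how the search domain is
derived and how lookups are expanded, per resolv.conf(5).  Hostnames and
resolv.conf text below are constructed for illustration.
"""
from typing import Dict, List


def parse_resolv_conf(text: str) -> Dict[str, object]:
    """Pull out the domain/search list and options ndots from resolv.conf."""
    cfg: Dict[str, object] = {"search": [], "ndots": 1}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("domain", "search"):
            # later domain/search lines replace earlier ones
            cfg["search"] = [a.rstrip(".") for a in args]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    return cfg


def effective_search_list(hostname: str, cfg: Dict[str, object]) -> List[str]:
    """Search list actually used: the configured one, else everything after
    the first label of the hostname (so host example.net searches under net)."""
    if cfg["search"]:
        return list(cfg["search"])  # type: ignore[arg-type]
    labels = hostname.rstrip(".").split(".")
    return [".".join(labels[1:])] if len(labels) > 1 else []


def candidate_names(name: str, hostname: str, cfg: Dict[str, object]) -> List[str]:
    """Order in which the resolver tries `name`, applying the ndots rule."""
    name = name.rstrip(".")
    appended = [f"{name}.{d}" for d in effective_search_list(hostname, cfg) if d]
    if name.count(".") >= int(cfg["ndots"]):  # type: ignore[arg-type]
        return [name] + appended
    return appended + [name]


def tld_search_domains(hostname: str, cfg: Dict[str, object]) -> List[str]:
    """Search domains that are a single label, i.e. a bare TLD: any lookup
    that falls through to them lands under that TLD (hello, com.net)."""
    return [d for d in effective_search_list(hostname, cfg) if d and "." not in d]


if __name__ == "__main__":
    # Constructed: the customer's situation, then the resolv.conf fix.
    broken = parse_resolv_conf("nameserver 192.168.1.2\n")
    fixed = parse_resolv_conf("domain example.net\nnameserver 192.168.1.2\n")
    for cfg in (broken, fixed):
        print(effective_search_list("example.net", cfg),
              candidate_names("apt-cacher.bitfolk.com", "example.net", cfg),
              tld_search_domains("example.net", cfg))
```

With no domain line, a host called example.net searches under "net", so any lookup that misses as an absolute name is retried as something.net, where a wildcard record answers; adding the domain line restores the intended search domain and the bare-TLD check comes back empty.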

Sometimes customers order a VPS with a FQDN set to something like this, and I’ve yearned for an authoritative bit of documentation that says it’s not recommended. I asked about it on HantsLUG a while back also, and while it seems there was some agreement, it still seems to be down to preference.

I’ve never really tried to tell a prospective customer that they should pick a host within their domain (e.g. foo.example.net) instead of the domain name as the FQDN, because it always seemed like too complicated a subject to explain. Maybe I should try to find a way in future.

Mass-setting the default view mode for cacti

Recently it came to my attention that many of BitFolk’s customers were finding our Cacti install confusing. The main problem was that upon logging in they were confronted with the default graph view – the “Tree View” – and they didn’t understand where they might find the relevant graphs within this tree.

Experienced Cacti users will know that you can also click on the “List View” or “Preview View” to get a list or grid respectively of all graphs that they’re permitted to view, but most customers are not experienced Cacti users. For me personally, having permission to view some 1400 graphs I appreciate the tree view to enforce some order, but it’s not about me. Customers generally have 2-5 graphs to view.

I decided that I would set the default view for all users to be “Preview View”. Now I wasn’t going to click on every one of the hundreds of them in the web interface to set this, and I wasn’t going to send instructions to people on how to do it for themselves either. I decided to fiddle with the database directly. This turned out to be very simple, once you know how. Here’s how.

Danger, Will Robinson!

Firstly, don’t do this lightly. This worked with Cacti as present in Debian squeeze and I don’t believe the database schema has changed in ages, but maybe it has or maybe it will, so before you try this:

  • Take a backup of your cacti database. Just mysqldump it or whatever.
  • Check that the queries make sense. You might like to practice on just one user account before doing it on all.

Basically if you don’t understand what these queries do, don’t do them.

There are probably more elegant ways to do this, but it’s only going to be done once so I’m not going to try to optimise it.

Set “What to do when this user logs in” to “Show the default graph screen”

mysql> UPDATE user_auth SET login_opts=3;

Set “Which mode you want displayed when you visit ‘graph_view.php’” to “Preview View” for users who have graph settings already

If a user has changed their graph settings then they’ll have a row in the settings_graphs table for this particular setting already.

mysql> UPDATE settings_graphs SET value=3 WHERE name="default_view_mode";

Set “Which mode you want displayed when you visit ‘graph_view.php’” to “Preview View” for users with no graph settings

Most users won’t have changed their graph settings and so won’t have a row for this. We’ll need to insert one.

mysql> INSERT IGNORE INTO settings_graphs (user_id, name, value)
  SELECT id, "default_view_mode", 3 FROM user_auth;

The IGNORE is required because there will probably be some pre-existing rows from users who did have some graph settings.

You could probably combine the UPDATE and INSERT steps by using REPLACE instead.

That’s it

On next login, the user should be put directly at the “Preview View”. They can still change their settings to something different if they end up not liking that.