Keyboard shortcut of the week: New, Open, and Save

Just about every Windows application works with documents, which you will create, open and save at various stages. These three functions have associated keyboard shortcuts that work with most if not all the applications that you use regularly. I use the word document here to refer to anything that can be created or edited with software, whether that is a piece of music, an image or some other project.

New document
To create a new document (or in the case of web browsers - to open a new window) hold down the Ctrl key and press N. In some programs you may be asked whether you want to save your current work, this is because they only work with one document at a time.

Open document
To toggle the 'Open File' dialogue hold down the Ctrl key and press O. As with creating a new document, you may be asked to save your current work first.

Save document
To save your current document hold down Ctrl and press S. The first time you save your document the application will generally ask you for a file name to save it with, after that it will probably not give you any indication that it has saved your work.

This is probably the most important of the three as anyone who has lost work through Windows crashing, because of a power outage, or through some other calamity will tell you. Save regularly!

Read more »

Posted in: Keyboard shortcut

IQ Visual Mapping Update

The excitement continues to mount as we move towards the October 2-3,2008 IQ Visual Mapping Conference to be held in Morristown, NJ. I am very happy to share with you that Michael Scherotter who is well known to the Mindjet Community has agreed to speak. Michael was the force behind Mindjet Labs when he was working at Mindjet and was an active member of the mind mapping community. Michael is is currently an Evangelist with Microsoft Corporation. As part of Microsoft’s Communications Sector evangelism team, Michael focuses on enterprise development tools and technologies for telecommunications, web hosting, and media & entertainment companies. Educated as an architect with both a Bachelors of Architecture and Masters of Architecture specializing in design tool development, Michael brings a sense of creativity and design to synergistic software development. Throughout his 13-year career in software development, Michael has specialized in combining software in innovative ways. You can read up about what Michael is up to at his blog called the Synergist.

Also check out Michael's blog post about the conference, I know that you will enjoy it. Hope to see you at the conference!

Read more »

Posted in: IQ Visual Mapping,Michael Scherotter,Mindjet Labs,MindManager

How to Calculate the Matrix Determinant on the Fly in MS Excel

Calculating the Matrix Determinant on the Fly
1. Create a square matrix in Microsoft Office Excel with values.
2. Type an equal sign (=) followed by MDETERM in an empty cell. While typing, you’ll notice that Excel automatically gives you a list of functions beginning with what you have already written. Many more functions are available in Microsoft Office Excel 2007.
3. After the opening parenthesis, select your matrix data. You'll instantly see the determinant being calculated. Excel updates this value if you change the source data

Read more »

Posted in: MS Excel

How to manage photo gallery in windows Vista

Photo Gallery

Windows Vista makes managing your media files even easier. Windows
Photo Gallery is an improved way of looking at images and includes
better organizational features catered to media. You can use the
properties tools to add tags for additional references.
Here’s how to open Windows Photo Gallery:
1. Click Start.
2. Click All Programs.
3. Click Windows Photo Gallery.

Read more »

Posted in: Microsoft Vista,Photo Management

[TIPS] STOP RIGHT NOW! Download this FREE audiobook

http://blog.discoveryeducation.com/pennsylvania/2008/07/30/the-world-is-flat-audio-giveaway/

TEN thousand thank you's this time to.. yes, Sue Sheffer again, for sharing this one with me. She sent it to me from her Google Reader.

ACT NOW! Click the link in the article above to sign up for it. It's a free audio book version of Thomas Friedman's "The World Is Flat." If you've not yet read it, here's your chance to have it read TO you.

WOW!

Read more »

[TIPS] Elections - In Plain English

Again, a thousand thanks to Sue Sheffer for just now sharing this with me via email.

http://commoncraft.com/election

Another commoncraft winner. Elections in Plain English. Send this to every teacher you know who studies this with his/her students.

Read more »

[TIPS] twisted proverbs

http://www.beavton.k12.or.us/jacob_wismer/leahy/2007/proverbs/proverbs.htm

I just HAD to share this VERY funny list of twisted proverbs. The kids, 5th graders, had to come up with a new twist to an old proverb. Some are hysterical.  Like this one: "Children should be seen and not smelled." ROFL!! Or the wise, "A miss is as good as a Mrs." Or, "You can't teach an old dog long division."

What fun he must have had reading those, don't you think?

Read more »

[TIPS] The Connected - REALLY connected- University

MANY thanks to Ann Fife for sharing this one with me just now in email: http://www.acu.edu/technology/mobilelearning/students/videos/connected.html

WOW!

But beyond the wow factor, think how remarkable it is to have all those devices (phone, mp3 player, photo album, internet, and more) in ONE device. Project that out another ten years. Fifteen. Twenty five years out. The wondrous things we'll be able to do.

Just not in public schools. :-/

Read more »

[TIPS] Holy cow - you MUST see this

Another tweet (nod to Shareski) sent me to this youtube video. Forward this email RIGHT NOW to your favorite art teacher.

http://www.youtube.com/watch?v=tncwN7Hdyeg

Holy cow!!

Read more »

IT Jobs and How Trusted Business Advisors Can Lead You to Them

There are a lot of ways to get IT jobs, but one of the best is through trusted business advisors.

Who does your business look to for advice? Basically, a trusted business advisor is someone like an accountant, attorney, banker or some other person that provides professional advice on business matters.

You can really use your trusted business advisors to connect you to IT jobs and get very qualified leads and prospects out of the deal. Start with asking your trusted business advisors a basic question: “Do you need help with your technology?” If you can help this type of person, you can get a lot of credibility through a testimonial or case study if you do a great job for him/her.

Even if you DON’T do work for your small business advisors, you should talk to them about their own clients and their clients’ computer problems.

Often, your accountant or attorney will get some questions about computer problems from his/her clients. This is your chance to find out about IT jobs you might be able to connect to through this person. You can of course return the favor as another trusted business advisor whose clients usually value what you have to say about other major business issues – health insurance, life insurance, accounting, etc. – by recommending your OWN trusted business advisor to handle specific requests.

Sometimes connecting to great IT jobs is as simple as talking to those you trust with your important decisions. To learn more about this topic, visit the attached link!

Added By: Joshua Feinberg

Read more »

Posted in: IT jobs

Using aHa!Visual Web Export

I thought it would be a good idea to share with you information about the the IQ Visual Mapping Conference by using a mind map. What better way to convey information about the speakers and their bio's, then to export it to a mind map! In the process, I had the opportunity to use aHa!Visual Web Export which is a MindManager add-in from aHa!Coaching in the Netherlands. The aHa!Visual web export allows you to publish the results of a brainstorm or strategy session in the same visual map format the participants saw on their computers without the need for any other plug-in or viewers. Using a standard browser you can view your map complete with attachments and notes. I found using aHa!Visual Web Export to be be very easy and straight forward. Once aHa!Visual Web Export is installed you simply click on the Export tab and Select Export as Web Pages. (View the Process by Clicking here.) At this point you will see that you have a new export template call aHa!Visual Web Template. You simply select the aHa!Visual Web Export template, select where you want the output files to be stored and click OK. Once the process is complete you can view your map in your default browser. The mind map is interactive and you can click on the topics as well as the embedded documents and attachments to view the contents. To view it on the web just use your favorite FTP program to upload the files on your server and you are ready to go. After uploading the files I was able to view the map. I do wish that the mind map could appear bigger on the screen and that you could open and close the nodes as you would when using MindManager 7 application- but overall I was very satisfied with the ease of the the process and how aHa!Visual Web Export worked. This really was very easy to do! You can view the mind map on the web by clicking here.

Read more »

Posted in: Adobe Captivate,aHaVisual Web Export,IQ Visual Mapping,mind mapping,MindManager,MindManager 7

[TIPS] cyberbullying video

A cyberbullying video: http://www.youtube.com/watch?v=nbGIwCJK7FM

Here's how this came to my attention. This is a story about THAT as much as it is about this video.

A tweet appeared (from twitterfox) and I happened to catch a couple words of it. It was about a video that was being recommended. I went back into the messages and started to track it backwards. The person who recommended it said that the other person should be prepared to cry - as it gets to this person every time. So, it got me curious. Maybe it was a good video to share in a workshop. I kept reading backwards until I found the original link which was a blog post. http://thismommygig.org/2008/07/29/the-sins-of-his-father/

Now, I didn't read the entire post, because there was a link in the first paragraph to this video: http://www.youtube.com/watch?v=iQvk_c_LnUg. That's the one that he said to be prepared to cry about. So, of course, off I went to see it. (It didn't get to me, but I can see how it COULD get to others)

I was reading the comments underneath the video and someone mentioned that the song was also featured in a video about cyberbullying. Sooooo, off I went in search of that video. That's the link at the top.

I don't know the person who sent that tweet, but he's a teacher somewhere. He started following me, and when I saw that his posts were educational in nature I followed him back. (I don't follow folks just cuz they follow me. I have to see that their tweets are meaningful - at least SOME of the time.) The point is, while some argue that twitter has no value, I would argue that they're just following the wrong people.

Read more »

[TIPS] Call for Proposals of PETE&C 2009

Are you in the PA area? Do you have an idea for  pre-conference workshop for the 2009 PETE&C conference? (http://www.peteandc.org) Then this may be for you.Otherwise.. never mind.
- - -


This is a reminder that the deadline for submission of proposals for the 2009 PETE & C Pre-conference is August 15, 2008.
INVITATION TO PARTICIPATE
You are invited to submit a proposal to conduct a pre-conference workshop or seminar for the 2009 PENNSYLVANIA EDUCATIONAL TECHNOLOGY EXPOSITION & CONFERENCE (PETE & C). Individuals representing all academic disciplines and levels and all phases of technology and education are welcome to submit proposals. Pre-conference sessions can be in a seminar format or hands-on workshops and will be conducted on Sunday, February 8, 2009. Sessions can be either three or six hours in length.

SCOPE
The following general topics are examples of interest areas:

    * Computer use at all academic levels, K-12 and higher education, and in all academic disciplines.
    * Curricular planning in disciplines where technology is the focus of instruction.
    * Computer education and opportunities for special audiences.
    * Computer-managed instruction and computer based testing. Computer education for teachers.
    * Administrative applications of technology at building and/or district level.
    * Computer education outside the typical school environment.
    * Technology partnership programs with education and business, industry, or government.
    * Emerging technologies for educational utilization.


Proposals are being accepted online. Hard copies of proposals will not be accepted. For details and to submit a proposal, go to:
http://www.peteandc.org
Click on Preconference Workshops
Click on Preconference Session Request for Proposal Form

The deadline for submissions is August 15, 2008.

Please direct any questions to:
Janet Dubble
janet_dubble at iu13.org

Read more »

MediaWiki with IDS (courtesy of Jacques Roy)

This is a very quick post, just to reference a blog article by old time IDS guru Jacques Roy.
Jacques Roy has years of experience with IDS, in particular in extensibility and he writes a blog.

In one of his articles he tells us that he manage to run MediaWiki with IDS 11.50.
This setup takes advantage of one of the new features of IDS 11.50, the Basic Text Datablade (BTS) that you get for free with it.

As you probably know, MediaWiki is the best known Wiki software, and you've probably used it in WikiPedia.
It's very nice to see that it's possible to use IDS with this kind of software, and if you'd like to use it, I'm sure Jacques would be glad to help you.
I took the opportunity to add Jacques's blog to the list of links.

Read more »

[TIPS] check out THIS Google Earth Interface

http://www.perceptivepixel.com/

Oh my… I’m SO worried that we’re not even CLOSE to what we should be doing with technology in schools. Think about how many folks are content to assign PowerPoints as assignments or who believe that the ultimate in a technology lesson is a scavenger hunt. Watch that video and ask yourself the question, “What else can I be doing to get my students prepared for what’s coming?” No, I KNOW that we can’t prepare for the unknown. We can’t teach them the specific skills that they will need. But, we CAN help them to use tools that are personal learning tools. We CAN help them to learn to search beyond the basic level of searching. We CAN help to excite them about the tools they now have that will let them gather, organize, and process some of the exabytes (billions of gigabytes) of new information every year. This video is showing an amazing interface with Google earth. Yet, in some of our districts Google Earth is blocked. Why isn’t that criminal interference with the education of every kid in that district?

Oh my… SO much work to do…..

Read more »

[TIPS] edublogs.tv

I don't know how long this one has been around, so it may not be a tip to many of you. But, http://edublogs.tv is a safe alternative to YouTUbe. No, it doesn't have the variety of content, yet, that youtube has. But, you CAN embed or link to videos, tag them, AND they load amazingly fast. (Unlike another alternative to youtube we've seen.)

I did find a couple things of interest. First, I didn't see any rss feeds. I would think you'd want rss feeds for each category. I don't want to run back here to see if anything new has been posted.

Second, there is no "Contact Us" link anywhere. I wanted to send them a note that they had a typo on a page. (The line said something like, "When someone send you a ..." - send instead of sends.)

Third, this quote: "Upload your own videos or simply grab them from YouTube (it only takes a few clicks!) to avoid school filters." Can you really republish someone else's videos on another site? I didn't know that. Can someone fill me in on that?

Anyway, if they get the rss feeds in place, and if teachers DO start to put the videos from youtube in here, then it certainly does have some great potential. Wouldn't you agree?

Read more »

How to use Local Users and Groups

How to use Local Users and Groups using your computer

You might need to be logged on as an administrator or a member of the Administrators group in order to perform some tasks.
Local Users and Groups manages users and groups of users for your computer. You can create new users and groups, add users to groups, remove users from groups, disable user and group accounts, and reset passwords.

To open Local Users and Groups

1. Open Computer Management (Local).
2. In the console tree, click Local Users and Groups.

Notes

1. To open Computer Management, click Start, and then click Control Panel. Double-click Administrative Tools, and then double-clickComputer Management.
2. For information about using Local Users and Groups, in Computer Management, click Help on the Action menu.

Read more »

Posted in: Local Users and Groups,Networking Tips,XP Tools

How to Use Removable Storage

You might need to be logged on as an administrator or a member of the Administrators group in order to perform some tasks.

Removable Storage makes it easy for you to track your removable storage media (such as tapes and optical discs) and to manage the libraries that contain them (such as changers and jukeboxes).

To open Removable Storage

1. Open Computer Management (Local).
2. In the console tree, click Removable Storage.

Notes

1. To open Computer Management, click Start, and then click Control Panel. Double-click Administrative Tools, and then double-click Computer Management
2. For information about using Removable Storage, in Computer Management, click Help on the Action menu.

Read more »

Posted in: XP Tools

How to Use System Properties

You might need to be logged on as an administrator or a member of the Administrators group in order to perform some tasks.

System Properties is a Windows Management Instrumentation (WMI) tool that lets you view and change system properties on a remote computer or local computer. Using System Properties, you can restart a remote computer to apply settings changes or to detect new hardware, view the computer name and domain information for other computers on your network, and change the settings for the virtual memory paging file on a computer that might run programs requiring a lot of memory.

To open System Properties

1Open Computer Management (Local).
2.In the console tree, right-click Computer Management (Local), and then click Properties.

Notes

1. To open Computer Management, click Start, and then click Control Panel. Double-click Administrative Tools, and then double-click Computer Management.
2. For information about using System Properties, in Computer Management, click Help on the Action menu.

Read more »

Posted in: XP Tools

How to use Microsoft Management Console

The Microsoft Management Console (MMC) is a tool used to create, save, and open collections of administrative tools, called consoles. Consoles contain items such as snap-ins, extension snap-ins, monitor controls, tasks, wizards, and documentation required to manage many of the hardware, software, and networking components of your Windows system. You can add items to an existing MMC console, or you can create new consoles and configure them to administer a specific system component.
Open MMC
Notes
1. To open MMC, click Start, and then click Run. In the Open box, type mmc.
2. For information about using MMC, on the Action menu, click Help.

Read more »

Posted in: XP Tools

How To Use Back Up

The Backup utility helps you create a copy of the information on your hard disk In the event that the original data on your hard disk is accidentally erased or overwritten, or becomes inaccessible because of a hard disk malfunction, you can use the copy to restore your lost or damaged data.

Open Backup
Notes

1. To start Backup, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.
2. The Removable Storage service must be started for Backup to work properly. For more information, click Related Topics.
3. You can also use the Automated System Recovery Wizard in the Backup utility to help you repair your system.
4. For information about using Backup, click the Help menu in Backup.

Read more »

Posted in: XP Tools

How to know whichPrograms included with Windows XP

Windows XP provides the tools you need to work and play in today's high-speed communications environment. Your toolbox includes system tools that help you set and adjust system resources, users and user groups, and scheduled system tasks. Accessories help you get the job done, no matter what the job is. You can create documents and images, calculate figures, schedule your time, and have online meetings with co-workers. When it's time to enjoy some music, browse the Internet, or play a few games. Your communications and entertainment tools will help you relax.

Read more »

Posted in: Windows XP

Whats new in windows XP

Windows XP brims with new features, improved programs, and tools. See what’s new; take an entertaining tour; learn about the programs Windows XP contains, including systems, accessories, and communications and entertainment programs. Read articles containing full descriptions for performing key tasks from start to finish. Look up unfamiliar terms in the glossary.

Read more »

Posted in: Windows XP

Internet Browser

Many internet browser can we use to surfing at internet. This is some browser that we can download for free.

• Safari (runs on OS X, iPhone and is new to Windows)
• Firefox (general purpose with the most plug-ins)
• Opera (supports torrents, handles e-mail and runs on mobile devices)
• Konqueror (dual purpose file manager)
• Seamonkey (includes HTML editor and e-mail client)
• Flock (social networking)

Try them and get the better browser for you...

Read more »

The Seventh Carnival of Computer Help and Advice

Welcome to the seventh monthly Carnival of Computer Help and Advice. Here is another selection of some of the best blog posts offering aid with computer issues published in the last month. I would like to thank everyone who contributed. If you would like to host the next carnival leave a comment on this post or use the contact form over at our Blog Carnival page where you can also submit your blog posts for inclusion.

We shall start with a couple of posts about quality free software. Mastersystem at TipForge provides us with a set of CCleaner Tips to help us remove all those temporary files that gather on our hard-drives. Speaking of hard-drives, Jules lets us know about a Windows Defrag Alternative at PCauthorities.com.

These two bloggers also offer advice about dealing with Windows problems: mastersystem explains Problem Reports and Solutions in Vista; while Jules shows How to Deal with Uninstall Problems in Windows.

First time contributor, Sai of American (Tech) Sai-ko submitted an excellent post, IE Cookies: Yum!, which contains everything you will ever need to know about cookies in Internet Explorer.

We will finish up with a pair of posts from two regular contributors to this carnival. Resident security expert, Paul Wilcox of Security Manor, gives advice on Removing Spyware From Your Computer and described The 3 Forms Of Computer Viruses. Digital imaging expert, Andrew Edgington, presents two more posts about Photoshop. The first explains about Changing Image Dimentions Using Adobe Photohop, and the second introduces Airbrushing.

See you next month.

Read more »

Posted in: Blog Carnival

Does When u Double click on Drive... New Window opens?

Whenever ppl double-click on any folder in Computer,

it opens in a new window even if selected the option “Always open folders in same window” in “Tools -> Folder Options”.
For this kind of Problem

Download following zip file, extract it and then run .REG file and confirm the action:

Download

Read more »

Updated trick for enabling Folder option

Many times Windows users face a common problem. The “Folder Options” in “Tools” menu is not visible. Even It can’t be accessed from Control Panel. Also “Registry Editor” is disabled.
Follow the simple steps mentioned in this tutorial and your problem will be solved:

1. If Folder Options is disabled but Registry Editor is still working in your system, then you can enable Folder Options by editing Windows Registry.
Type regedit in RUN dialog box and press Enter.
it’ll open Registry Editor, now go to following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\ExplorerHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\Explorer
In right-side pane, check whether a DWORD value named NoFolderOptions exists or not? If it exists, delete it.

2. If you are not familiar with editing the registry, then you can simply download following file, extract it and then run the .REG file:
Folder_option.zip

................................................................................................................
If u cant run regedit ....
Seems like your system is infected with a virus. Pls follow following link:
http://www.askvg.com/is-your-system-infected-with-a-virus-spyware-adware-trojan/

..................................................................................................................
Some ppl find that "show hidden files and folders" option ll not b enabled..
though enabled they cant c the hidden folders...
for that dont worry
--open RUN
--type regedit
--HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Explorer\Advanced
And in right-side pane, change value of “Hidden” to 1 and refresh My Computer window and you’ll be able to see hidden files again

Read more »

Secret Codes for Nokia

Codes :
1) *#06# For checking IMEI(international Mobile Equipment Identity)
2) *#7780# Reset to factory settings
3) *#0000# To view software version
4) *#2820# Bluetooth device address
5) *#746025625# Sim clock allowed status
6) #pw+1234567890+1# Shows if ur sim as any restrictions

Read more »

Choose Printer

Before get printer, we must know how much money we want to spend. Make the amount realistic for what you want. Then choose type of printer according your purpose, for home users who print documents occasionally and for various purposes such as school projects, a color ink printer would be sufficient. The entire family will enjoy the color output. For office users who print daily, the speed and reliability of a laser printer will be appreciated. For a well-budgeted office, it's recommended to have both types of printers to meet the requirements of different purposes.

Read more »

SnagIt 9 and MindManager 7

Sometime ago, I did a screencast showing you how I use SnagIt with MindManager to add images to your mind maps. Since TechSmith recently released SnagIt 9 along with the MindManager Plug-in, I thought that it would be a good idea to show you just how you can effortlessly add images to your mind maps. In this screencast you can see just how easy it is to capture images and send them directly to MindManager 7. You can click on this link or on the image to see the screencast. Enjoy

Read more »

Posted in: MindManager,snagit,snagit 9,TechSmith

Sharing with Crossloop

A couple of days ago I had mentioned that I came across a screen sharing application called Crossloop and just yesterday evening, I finally got a chance to work with it with my colleague Wallace Tait. Both of us were talking over Skype and decided that we wanted to take a look at how JCVGantt worked with MindManager in preparation for the IQ Visual Mapping Conference that is planned for October 2-3, 2008. We both started up Crossloop and exchanged our access keys that we entered into the Crossloop widget. In a matter of seconds we were connected and a dialog box popped up asking for permission to share each other computer screens. Once I clicked on the OK button I was able to see Wallace's screen and I could control his computer as if I was looking over his shoulder. The screen was very clear and there was no noticeable delay when I was moving icons or double clicking on applications to start them up. Since Wallace could also use the mouse as well, there were times when we would both try to do something and realize that we had to wait for the other person to relinquish control of the mouse. Other than that it was easy to go back and forth with sharing our screens by clicking on control icons that I would consider to be a very easy and intuitive to learn how to use. Crossloop is a free tool for Window's users that would be ideal for one on one webinars and for doing remote support. Using this technology both computers would need to have Crossloop client installed. Once installed it is very easy to use to get your session started. Download Crossloop and let me know how you successfully used it in the work that you do. If you are looking for training in the comfort of your home or office, over the web, in the area of assistive technology, visual mindmapping, or project planning- shoot me an email and I will let you know how we can get started.

Read more »

Posted in: brian friedlander,crossloop,IQ Visual Mapping,JCVGantt Pro 3,MindManager,wallace tait

[TIPS] cameroid - got a webcam?

If you've got a webcam (including a built-in one) then you may want to put your kids - and yourself - onto this fun site: http://www.cameroid.com/snap.php. It uses your camera to take FUN pictures of yourself.

Mac users will recognize the first couple screens of options for your picture, but then you can even put your face into a monkey face, or on the Mona Lisa, etc. When you're done, save it to your desktop. No registration required.

Read more »

Your Own Theater

For smoker, it's hard to sit at theater to see movie without smoking. If you want smoking at theater while watch the movie you can create your own theater at home. You can buy projector to create private theater. The next question is type of projector which you should pick? What brand is best, what's the difference between resolutions?
The first step to get projector is make sure you have the space and money needed! Projectors can be pretty expensive, especially if you want one of the newest models. Price can range anywhere from just under $1000 to well above $7500 or more. Check around for deals. Oftentimes it's possible to get last year's model for much cheaper than the newest one on the market.

Read more »

Speak now or forever hold your peace... well until next month anyway

This is the last chance for somebody to volunteer to host this month's Carnival of Computer Help and Advice. If you would like to play host to this digest of some of the best of this month's blog posts that share their author's sagely wisdom leave a comment on this post, contact me through the carnival's web page, or use the Contactify facility in the left column on this page.

There are three options for hosting: first, I can forward you details of all the submitted articles and you can select around twelve of them and write the carnival post; second, I can select the best dozen or so articles and forward you the details of those; third, I will select the articles and write the host and all you have to do is post it on your blog on the 27th July (short notice, I know).

If nobody is interested in hosting this month's carnival, it will appear here in a couple of days time.

If you wish to host a future carnival then please contact me using one of the aforementioned ways.

Read more »

Posted in: Blog Carnival

Jing Turns One!

Happy Birthday to Jing Project which celebrated its first year in production. I have used Jing in my courses and continue to use it for quick video tutorials. Techsmith in honor of its first year birthday has double the amount of storage and bandwidth on Screencast. So now you automatically get 2 GB of storage space to store all of your Jing screencasts. What a great deal! It looks as if there will be some premium services built around Jing in the coming months based on the email that I received. So go enjoy your new found freedom to create more Jing projects!

Read more »

Posted in: Jing,screencast,TechSmith

How to Start a Computer Business: Tips You Can Use

Do you know how to start a computer business? If you’re new to the idea but really interested, sometimes the most difficult part is just beyond making the leap – deciding which type of computer business you want to start in the first place.

Some Tips about How to Start a Computer Business

1. Decide whether you want to start an independent computer consulting business or be part of a franchise. Do you want to build a business completely by yourself or take some shortcuts? Just remember that with a franchise you’re going to have to be able to follow some rules and put in some real time and care.

2. Get ready to work! During the startup phase when you are trying to figure out how to start a computer consulting business, you’re going to have to work really hard to get it off the ground by really getting out there and getting your name known in the community. You won’t get lots of billable projects in the beginning. And this work won’t go away even if you buy into a pre-established franchise.

3. Everyone is different. The right choice for one consultant is not necessarily the right one for you. You need to think about your goals, your skills, your available time and how much money you have to spend.

Today we talked about some tips regarding how to start a computer business. To learn more about how you can start your own business and be successful, visit the attached link!

Submitted By: Computer Consulting Kit

Read more »

Posted in: how to start a computer business

Turnoff Windows Sound

When you use those computers, you don't have to endure those inconvenient Windows sounds. You can switch them off during your start-up if you find them annoying.

• Go to the Start menu on the left-hand side of your computer screen.
• Click "Control Panel" in the right column.
• Click on "Sounds and Audio Devices" within the control panel. Note: these choices are in order. It looks like a miniature black speaker.
• Search click "Start Windows," and select "None" from the drop-down box. And,"Windows Logoff" and select "none".
• There you can change the sound with your favorite sound.
  

Read more »

[TIPS] camtwist documentation

This is for the Mac users out there. I've used - rather, I've played around with - Camtwist for a short while. If you've seen my twitter pic you'll get an idea of the extent of my play. But today I was looking around for some documentation and found their documentation wiki. In it are two video that are PRICELESS! If you're a mac user and don't have camtwist yet - GO GET iT! Make a donation, too! This is worth a TON! Then rush to this site to see how to use it.

http://allocinit.com/index.php?title=CamTwist.Documentation

Oh, and don't forget the blog posts that tell us how to use Skype, Camtwist and ustream together to make one VERY COOL live broadcast.

couros blog

Hokanson

Read more »

Posted in: camtwist,video

How to Collect Your Favorite Shapes for Easy Access in MS Office Visio

Collect Your Favorite Shapes for Easy Access
Do you frequently use the same shapes from several different stencils when creating diagrams? Instead of opening several stencils each time you start a new diagram, just save your frequently used shapes to the Favorites stencil for easy access from one location. To save a shape to the Favorites stencil, right-click the shape in its existing stencil, point to Add to My Shapes, and then click Favorites.
Notice that, from the Add to My Shapes options, you can also create your own custom stencils and add favorite shapes to those. (After you create a custom stencil, it will appear under the Add to My Shapes options as well.) To access the Favorites stencil or your custom stencils, on the File menu, point to Shapes, and then point to My Shapes.

Read more »

Posted in: MS Office Visio 2007

How to Speed Up Displaying Documents with Many Graphics in ms word

Now you can see your documents with many graphics to do this just follow the instructions

1. Click the Office button, and then click Word Options.
2. Click Advanced, scroll down to the Show document content section, and select Show picture placeholders.
3. Click OK. Pictures will be shown with placeholders, markers that maintain the structure of the document without showing the picture itself.

Read more »

Posted in: MS Word

PersonalBrain 4.5 Released

I have written a great deal during the past year about the PersonalBrain and I am glad to announce that PersonalBrain 4.5 was released today with a slew of new features. Here are are new features that you will find in the PersonalBrian 4.5:

PersonalBrain 4.5 helps people mind map their Thoughts, ideas and information with new visualization, searching and editing features. New features include:

• Increased Performance - PersonalBrain's dynamic user interface enables one to visually navigate related information. All operations are now faster, from loading to creating information and navigation is up to 30 times faster. This increased speed opens up the ability to easily create Brains with hundreds of thousands of Thoughts.

• Advanced Search and Indexing - PersonalBrain features a powerful search that lets users shift focus to anything that comes to mind in seconds. Live search results appear as users type, prioritized based on usage data. Version 4.5 intelligently interprets requests so the initials of a person can be used instead of their full name for example.

• Superior Distant Thought View (http://www.thebrain.com/site/video/pbViews.html) - PersonalBrain's exclusive display engine makes it a powerful visualization tool for concept and mind mapping. The engine continues to evolve in version 4.5 with an optimized view of second generation Thoughts for easier reading and an even more intuitive visual browser.

• Merging Brains and Copying Thoughts - Users can now easily merge the contents of one Brain into another and use sophisticated copying functions to leverage a set of Thoughts and relationships in different contexts.

• Excel and Word Relationship Import (http://www.youtube.com/watch?v=jV533xqxQl4) - Information structures from Word, Excel and other applications can now be imported into PersonalBrain. Outlines constructed outside of PersonalBrain are easy to import and are automatically visualized. The imported structures can be left as is or leveraged with the sophisticated tools available in PersonalBrain. Conversely, information can also be exported back out of PersonalBrain just as easily.

• Complete Undo and Redo Editing - PersonalBrain's intuitive drag and relate technology lets users create and link numerous ideas and Thoughts in seconds. Now with complete undo and redo capabilities, users can make connections even faster. If a change is made and then reconsidered the multiple level undo buffer makes going back a one step process.

Pricing and Availability

PersonalBrain 4.5 is a complimentary upgrade for all registered PersonalBrain 4.0 users. PersonalBrain is offered in three editions: Free, Core, and Pro (the most powerful edition). PersonalBrain Free is offered at no charge and does not expire. Download your PersonalBrain at http://www.thebrain.com/download. (http://www.thebrain.com/download) Using the free edition anyone can link unlimited ideas, notes and Web information on their desktops. Pro and Core editions are priced as follows: PersonalBrain Pro $249.95, PersonalBrain Core $149.95.

PersonalBrain 4 is compatible with Windows XP, Vista, Linux, and Mac OS X.

Awarding Winning Technical Support

If you have not experienced the PersonalBrain you really owe it to yourself! Here is a link to the Press Release.

Read more »

Posted in: PersonalBrain,Press Release,The Brain Technologies

Tweak UI: free MS Power Toy for Windows XP

I should start with an apology for not having posted anything here for a while. I have been rather busy for the last few weeks, but I am back now posting more PC help and advice starting with the most powerful of Microsoft's Power Toys for XP: Tweak UI.

You can download the software from here (or here if you have an Itanium™-based system).

Note: this software is designed for Windows XP (and 2003 Server), some users have reported some success with it on 32-bit versions of Vista, but not on Vista64.

Once downloaded and installed, Tweak UI (UI meaning 'user interface') will appear in your Control Panel. If you run it you will be presented with the following:

If you select a category from the tree-list on the left the right panel will show any relevant tweaks that can be made to the Windows interface. For example, Tweak UI offers some extra settings for the mouse. Click on the + next to 'Mouse' in the tree-list, and then click on 'Wheel' to see the following:


As you can see, I have chosen to use mouse wheel for scrolling 3 lines at a time. Notice that there is a description of what the tweak does, and that this change applies only to the user you are logged on with, not every user as some changes will. Browse through all the settings and see the other tweaks that you can make. Click the 'OK' button to apply the changes and close Tweak UI, or just click the 'Apply' button to see your changes in action while keeping Tweak UI open in case you wish to revert to your previous settings.

If you have any problems with or questions about Tweak UI feel free to leave a comment on this post. Happy tweaking!

Read more »

Posted in: Freeware,Windows GUI

[TIPS] text messaging on the iphone?

http://osxdaily.com/2008/07/17/free-sms-text-messaging-on-the-iphone/

I don't have one (yet) but it's sad to think that the phone plan for the iPhone is so ... scant. No text messages in the plan? Well, check out this article about how to change that - for free!

Read more »

Get Right Notebook

Today's laptops are much more powerful than even the hottest desktop computers, they're also lighter and much more stylish. Before buy laptop, read this list to get right laptop.

• Choose one that feels sturdy, solid and not too heavy
  
• Choose a laptop with at least two USB 2 connections
• Pay attention to screen size and resolution
• Check to see if the laptop has built in wireless capabilities, this is important for you that need online at internet.
• Check to see if the laptop has a DVD Burner
• Get an anti theft device
• Choose laptop that have service center at your city
  

Read more »

Compliance: Role Separation and Audit (part II)

On the first article about auditing, I tried to show how to configure an Informix Dynamic Server instance to use role separation. The purpose was to prepare the instance for implementation of the various roles involved in the management and audit of the instance.
In this article I will focus on the audit process. We will see how to setup the audit facility and how to define what and who is audited.
Keep in mind the previous article main point: The administration and auditing is prepared for several roles. Whether these roles are played by absolutely different sets of people is really a matter of why are you doing auditing. If you plan to setup a proper auditing environment, and want to be prepared for internal or external auditors than this role separation is crucial. On the other hand, if you're planning to implement auditing in order to gain more knowledge about your instance (what is being done, how often, by whom, from where...) then you can consider playing having each person play more than one role.

In the following paragraphs I will try to answer the following questions:

* What can be audited?
* Who can be audited?
* How do we define who/what is audited?
* How do we control the auditing facility?
* Where and how does the engine store the audit information?
* What do the audit logs contain?
* How painful is the auditing?

After these I will give examples and make a few considerations.
Let's start with the questions...


What can be audited?

Informix auditing facility permits us to activate audit per events. This means that we can audit actions. An action can be a command execution, a GRANT operation, execution of stored procedures, creation of tables etc. I have to be clear about one point: Currently, we cannot define audit based on objects. We can only define auditing on actions (and users as we will see next). This means you can activate auditing for GRANTs, but not for GRANTs on a specific table. You can activate audit for execution of stored procedure but not for a specific stored procedure. Some other RDBMS do exactly the opposite: You can audit objects and not actions. In a perfect world we'd probably like to have both. But if we think about it, we can understand Informix perspective. First we should keep in mind that a user can only do what he is allowed to do. If we're trying to answer the question "who did this?" a vague but truthfully answer would be "one of the persons who has the privileges to do that". This will not make auditors happy, but my point is that you can take two paths: define auditing for your sensitive objects, or otherwise define auditing for your sensitive users. Let's see some examples... In Informix you can audit actions like DROP CHUNK, DROP INDEX, DROP TABLE etc... Would you need to define the object in the auditing definition? Of course not... It's better to define the auditing on the action. The WHO and WHAT will be included in the audit log. You can also define auditing for CREATE TABLE, CREATE PROCEDURE etc. These ones can't also be established on objects, because they refer to new objects.
If you're thinking about using auditing to see who saw what in your database you probably have to reconsider your strategy. As I wrote before, people only do what they can. A user can't do more than their privileges let him. If you want to have finer control on what people can access you should probably implement Label Based Access Control (LBAC) to prevent the access instead to trying to check if people accessed what they should not.


Who can be audited?

In short: anyone. We activate the auditing for users. Users are anyone from the different roles. In this context a user can be a member of the DBSA group, a member of the users allowed to connect to the instance or a member of the DBSSO group. So, everybody that can access the instance, that can manage the instance, or that can define what is audited can be audited.
I would like to emphasize this: Without any other product, just with the bare Informix software, you can really establish a strong auditing facility that allows you to implement role separation, and you can effectively control your users actions and specially your power users, like the DBAs, DBSAs and DBSSOs. And besides this you also guarantee the integrity of the audit logs against your DBAs and DBSSOs, meaning that they can't change anything or do any cover up action without being spotted by the AAOs. This means more value for your money. Other RDBMs will require other products to implement this. Again, root is still a possible problem, and informix is a problem which you can control.

How do we define who/what is audited?

I hope you're ready for the technical part! Ok... In Informix, we have a long list of mnemonics that represent auditable actions. Theoretically, everything we can do within an instance is an action, and has a mnemonic for it. To give you a few examples, let's consider INSERTs, DELETEs, UPDATEs, CREATE TABLE etc. and a few more esoteric like CREATE CAST, onaudit, onbar....
Each of these have a mnemonic like INRW, DLRW, UPRW, CRTB, CRCT, ONAU, ONBR

So, as we saw before, we can audit actions and users. We specify the actions using a list of mnemonics but how do we specify the users? By using the concept of masks. Informix has three standard masks, usually called global masks and we can define the ones we want. Each mask will be defined with a list of mnemonics by the DBSSOs. The three global masks are:

1. _default
   This mask will be applied to any user that doesn't have a specific mask
   
2. _required
   This mask will be added to the user mask (or the _default if there is not a specific user mask)
   
3. _exclude
   This mask will contain actions that should not be audited

The masks are applied in the order above meaning that first will be the user (or _default) mask, then the _required and then the _exclude. Any conflict will be resolved by the order of the masks, meaning for example that if you specify one action (mnemonic) in the _required and _exclude masks, that action will not be audited.

You probably noticed that these masks start with an underscore. All masks that start with an underscore are called template masks and you can then use them to create specific user masks.
Note that if you do this and later change the template it will not change the user's mask.

How do we control the auditing facility?

The auditing facility is mainly controlled using the onaudit command. With it DBSSOs can change/define the user masks and the AAOs can start, stop and reconfigure the audit facility.
Let's check the command usage:


Usage: onaudit [-f file] [-u name] [-r bmsk] [-e eset] [-y]
onaudit [-c] [-n] [-l lev] [-e err] [-p path] [-s size]
action: one of
-a -- add a mask
-d -- delete a mask
-m -- modify a mask
-o -- output a mask
-r bmsk -- name of basemask
-c -- print audit configuration
-n -- start new log file
-l lev -- set ADTMODE
-e err -- set ADTERR
-p path -- set ADTPATH
-s size -- set ADTSIZE
-f file -- include instruction file
-u mask -- name of target/mask
-e eset -- event set added to (+) or removed from (-) mask
-y -- respond yes to all prompts


So, we can create a mask (-a), we can drop a mask (-d), change a mask (-m) or show a mask (-o). These would be options for the DBSSOs.
For AAOs we can change the audit mode (-l), change the behavior in case of error (-e), name the audit log files location (-p) and each audit log size (-s). I will show some examples later, but it's important to explain some of the settings. First, let's take the audit level. We can define the following audit levels:

• 0 - Means audit off
• 1 - Audit is on. No DBSSOs or DBSAs actions are automatically audited
• 3 - Audit is on and all the DBSSOs actions are automatically audited
  
• 5 - Audit is on and all the DBSAs actions are automatically audited
• 7 - Audit is on and all the DBSSOs and DBSAs actions are automatically audited

One very important option to note is that the AAOs can define a level that automatically audits the actions of the DBSAs and/or the DBSSOs. This prevents any DBSSOs to manipulate the audit masks to remove himself from the audited users. This also shows the importance of implementing real role separation.
Another note about the audit levels: You may notice that the levels (besides 0 which means off) are all odd numbers. If you're using older versions of IDS you may see references to even numbers. These were equivalents to the ones specified above, but instead of writing to log files the audit facility would send the audit info to the underlying operating system auditing facility. This was not standard, and didn't work on all platforms. In the latest IDS versions the support for those levels were discontinued.
Another important configuration is the audit error mode (-e). This defines the behavior of the instance when it need to audit something, but can't write to the audit log:

• 0 - Continues the normal processing, without writing the audit log
• 1 - Suspends the thread/session that need to be audited, and keeps trying to record the audit log
• 3 - The instance shuts down

So, you have to choose how important the audit is for you... If you can live without it, set it to 0. If you think you can continue to work on the instance (other sessions may not being audited), set it to 1. If you consider auditing to be crucial, you can stop the instance by setting it to 3, meaning it will shutdown if it finds a problem when trying to write the audit log.

The other options are all relative to the audit masks creation and manipulation and are more or less self explanatory.

Where and how does the engine store the audit information?

There are three types of audit information in the auditing facility:

1. The audit masks definition
2. The audit facility configuration (level, path, file size and error mode)
3. The audit logs or the audited information

The audit mask definitions are stored in the sysmaster database and it will survive any reboot. The sysmaster database has several tables containing audit configuration info: sysaudit, sysadtinfo, syscrtadt.

The audit facility configuration is stored in a file called adtcfg.<servernum> located in the $INFORMIXDIR/aaodir. Please note that there is an annoying bug relative to this file usage: Whenever you change the audit facility configuration this file will be updated, but when the server starts it looks at the contents of the file called adtcfg located in the same directory. So you must copy the adtcfg.<servernum> file to adtcfg. This is also one of the reasons why this directory should be unique for each $INFORMIXDIR you have on the same system. This bug did not happen in my testing environment with IDS 11.50.UC1. I hit it with previous versions (7.31.FD7 and 10.00.FC4).
This file contains the following configuration parameters:

• ADTMODE
  The audit level
  
• ADTPATH
  The path where the audit log files are created
  
• ADTSIZE
  The size for each audit log file (in bytes)
  
• ADTERR
  The error mode of the audit facility
  

Finally, the audit logs will be created in the path specified by the -p option of onaudit or by the ADTPATH configuration parameter of the adtcfg file.

What do the audit logs contain?

The audit logs are text files that contain entries for each action run from the list of audit actions.
The information for each line will have the same structure, but some fields contain different meanings for different mnemonics or actions.
IDS provides an utility called onshowaudit that will read these audit logs and will generate pipe separated files that you can load into a table with the following structure:


CREATE TABLE frag_logs (
adttag CHAR(4), -- The audited mnemonic
date_time DATETIME YEAR TO FRACTION(3), -- The action timestamp
hostname CHAR(18), -- The client hostname
pid INT, -- The client PID
server CHAR(18), -- The DB server name
username CHAR(8), -- The username
errno INT, -- The error number
code CHAR(4), -- The error code
dbname CHAR(18), -- The database name
tabid INT, -- The table or object ID
objname CHAR(18), -- The object name
extra_1 INT, -- Extra info specific for the mnemonic
partno INT, -- Partition number (usefull for partitioned tables)
row_num INT, -- The row ID
login CHAR(8), -- The database login
flags INT, -- Flags specific for each mnemonic
extra_2 VARCHAR(160,1) -- Extra info specifc for the mnemonic
);


The audit logs will have a name with the following nomenclature: <servername>.<log_number>. The log_number will be a sequential number. When the current file reaches the size of ADTSIZE, this number is incremented and a new file is created. Only the AAOs will be able to access these files, so once again, this will prevent any change by people who manage the instance (DBSSAs) or by people who define the audit masks (DBSSOs).


How painful is the auditing?

This is the million dollar question. Every customer that thinks about implementing the audit functionality asks how much impact will it have on their instances? And usually they want an answer specifying a percentage of performance impact... Unfortunately for me, I will never receive a million dollars by answering this question, simply because there is no answer!
Let's keep this topic on the technical level... How can we specify the impact if we don't know what (and who) will be audited? And even if we did, how could we specify the impact, if we don't know how many times the audited actions will happen?
Although I really think there is no answer, we can of course discuss this topic... For example, let's consider that we want to audit everybody, but we only want to audit the session creation (STSN), and the GRANTs and REVOKEs on tables (GRTB and RVTB). In a normal system you can do this and will probably don't even be able to measure a performance impact... I mean, how many CONNECTs and GRANT/REVOKEs do you do?
On the other hand, let's imagine you want to audit every table row that it read by everyone (RDRW). I'd bet your instance will suffer a very large impact.
So, regarding performance costs, what we need is to clearly define the needs of the auditing process, and to accept that some things just can't be audited (unless you reduce it to a few users for example). Establishing the RDRW mnemonic may be acceptable if you define it just for your DBAs... In short, the million dollar answer would be "it depends", but no one would pay so much money for such a poor answer...

Examples

I will try to show some very basic configuration of the audit facility, in order to demonstrate the concepts exposed above. I will implement role separation. Let's start with a fresh IDS 11.50 installation in /usr/informix:



[root@PacMan srvr1150uc1]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@PacMan srvr1150uc1]# pwd
/usr/informix/srvr1150uc1
[root@PacMan srvr1150uc1]# ls -lia
total 132
750742 drwxr-xr-x 25 informix informix 4096 Jul 13 17:25 .
456970 drwxr-xr-x 12 informix informix 4096 Jul 13 17:14 ..
750755 drwxrwxr-x 2 informix informix 4096 Jul 13 17:25 aaodir
750756 drwxr-xr-x 2 informix informix 4096 Jul 13 17:26 bin
750757 drwxrwxr-x 2 informix informix 4096 Jul 13 17:25 dbssodir
752279 drwxrwxr-x 4 root root 4096 Jul 13 17:25 demo
750767 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 doc
750760 drwxrwxr-x 4 informix informix 4096 Jul 13 17:26 etc
751451 drwxr-xr-x 12 informix informix 4096 Jul 13 17:25 extend
752645 drwxrwxr-x 2 root root 4096 Jul 13 17:25 forms
750774 drwxr-xr-x 7 informix informix 4096 Jul 13 17:25 gls
751483 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 gsk
751478 drwxr-xr-x 2 informix informix 4096 Jul 13 17:26 gskit
752401 drwxrwxr-x 4 root root 4096 Jul 13 17:25 help
750754 drwxr-xr-x 2 informix informix 4096 Jul 13 17:25 ids_license
750762 drwxr-xr-x 6 informix informix 4096 Jul 13 17:25 incl
752232 drwxrwxr-x 2 root root 4096 Jul 13 17:25 ism
750758 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 lib
750751 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 master_license
750771 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 msg
750764 drwxr-xr-x 3 informix informix 4096 Jul 13 17:25 release
752736 drwxrwxr-x 4 root root 4096 Jul 13 17:25 snmp
751482 drwxrwx--- 2 informix informix 4096 Jul 13 17:25 ssl
750749 drwxrwx--- 2 informix informix 4096 Jul 13 20:39 tmp
752765 drwxr-xr-x 2 informix informix 4096 Jul 13 17:25 uninstall_ids1150
751450 -rwxr-xr-x 1 root informix 29713 Apr 25 00:42 uninstallserver
[root@PacMan srvr1150uc1]#


Then, using the ixvirtdir script I'll create a new INFORMIXDIR called srvr1150uc1_cheetah2:


[root@PacMan srvr1150uc1]# ixvirtdir /usr/informix/srvr1150uc1/ /usr/informix/srvr1150uc1_cheetah2 11.5 ixdbsa ixaao ixdbsso


[root@PacMan srvr1150uc1]# ls -lia /usr/informix/srvr1150uc1_cheetah2/
total 24
456978 drwxr-xr-x 6 informix informix 4096 Jul 14 00:41 .
456970 drwxr-xr-x 13 informix informix 4096 Jul 14 00:41 ..
457097 drwxrwx--- 2 informix ixaao 4096 Jul 14 00:41 aaodir
457079 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 bin -> /usr/informix/srvr1150uc1/bin
457096 drwxrwx--- 2 informix ixdbsso 4096 Jul 14 00:41 dbssodir
457080 lrwxrwxrwx 1 informix informix 30 Jul 14 00:41 demo -> /usr/informix/srvr1150uc1/demo
457081 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 doc -> /usr/informix/srvr1150uc1/doc
457098 drwxrwxr-x 4 informix ixdbsa 4096 Jul 14 00:41 etc
457082 lrwxrwxrwx 1 informix informix 32 Jul 14 00:41 extend -> /usr/informix/srvr1150uc1/extend
457083 lrwxrwxrwx 1 informix informix 31 Jul 14 00:41 forms -> /usr/informix/srvr1150uc1/forms
457084 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 gls -> /usr/informix/srvr1150uc1/gls
457095 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 gsk -> /usr/informix/srvr1150uc1/gsk
457094 lrwxrwxrwx 1 informix informix 31 Jul 14 00:41 gskit -> /usr/informix/srvr1150uc1/gskit
457085 lrwxrwxrwx 1 informix informix 30 Jul 14 00:41 help -> /usr/informix/srvr1150uc1/help
457092 lrwxrwxrwx 1 informix informix 37 Jul 14 00:41 ids_license -> /usr/informix/srvr1150uc1/ids_license
457086 lrwxrwxrwx 1 informix informix 30 Jul 14 00:41 incl -> /usr/informix/srvr1150uc1/incl
457087 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 ism -> /usr/informix/srvr1150uc1/ism
457088 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 lib -> /usr/informix/srvr1150uc1/lib
457093 lrwxrwxrwx 1 informix informix 40 Jul 14 00:41 master_license -> /usr/informix/srvr1150uc1/master_license
457089 lrwxrwxrwx 1 informix informix 29 Jul 14 00:41 msg -> /usr/informix/srvr1150uc1/msg
457090 lrwxrwxrwx 1 informix informix 33 Jul 14 00:41 release -> /usr/informix/srvr1150uc1/release
457091 lrwxrwxrwx 1 informix informix 30 Jul 14 00:41 snmp -> /usr/informix/srvr1150uc1/snmp
457221 drwxr-xr-x 3 informix informix 4096 Jul 14 00:41 ssl




We need to make oninit executable to anyone:


cheetah2@PacMan.onlinedomus.net:informix-> ls -lia $INFORMIXDIR/bin/oninit
750793 -rwsr-sr-x 1 root informix 15274592 Jul 13 17:26 /usr/informix/srvr1150uc1_cheetah2/bin/oninit


Then I setup several users for several roles:

• dbsauser belongs to ixdbsa group, will be the DBSA
• ssouser belongs to ixdbsso group will be the DBSSO
• aaouser belongs to ixaao group will be the AAO

I will not use user informix except for storage file creation.
So, as user dbsauser I will initialize the instance:


cheetah2@PacMan.onlinedomus.net:dbsauser-> id
uid=506(dbsauser) gid=506(ixdbsa) groups=506(ixdbsa)
cheetah2@PacMan.onlinedomus.net:dbsauser-> oninit -iwv

This action will initialize IBM Informix Dynamic Server;
any existing IBM Informix Dynamic Server databases will NOT be accessible -
Do you wish to continue (y/n)? y
Checking group membership to determine server run mode...succeeded
Reading configuration file '/usr/informix/srvr1150uc1_cheetah2/etc/onconfig.cheetah2'...succeeded
Creating /INFORMIXTMP/.infxdirs...succeeded
Creating infos file "/usr/informix/srvr1150uc1_cheetah2/etc/.infos.cheetah2"...succeeded
Linking conf file "/usr/informix/srvr1150uc1_cheetah2/etc/.conf.cheetah2"...succeeded
Checking config parameters...succeeded
Writing to infos file...succeeded
Allocating and attaching to shared memory...succeeded
Creating resident pool 4818 kbytes...succeeded
Allocating 50016 kbytes for buffer pool of 2K page size...succeeded
Initializing rhead structure...
succeeded
Initialization of Encryption...succeeded
Initializing ASF...succeeded
Initializing Dictionary Cache and SPL Routine Cache...succeeded
Bringing up ADM VP...succeeded
Creating VP classes...succeeded
Onlining 0 additional cpu vps...succeeded
Onlining 2 IO vps...succeeded
Forking main_loop thread...succeeded
Initializing DR structures...succeeded
Forking 1 'soctcp' listener threads...succeeded
Starting tracing...succeeded
Initializing 8 flushers...succeeded
Initializing log/checkpoint information...succeeded
Initializing dbspaces...succeeded
Opening primary chunks...succeeded
Opening mirror chunks...succeeded
Validating chunks...succeeded
Creating database partition...succeeded
Initialize Async Log Flusher...succeeded
Forking btree cleaner...succeeded
Initializing DBSPACETEMP list...succeeded
Checking database partition index...succeeded
Initializing dataskip structure...succeeded
Checking for temporary tables to drop...succeeded
Forking onmode_mon thread...succeeded
Starting scheduling system...succeeded
Verbose output complete: mode = 5
cheetah2@PacMan.onlinedomus.net:dbsauser->
cheetah2@PacMan.onlinedomus.net:dbsauser-> onstat -

IBM Informix Dynamic Server Version 11.50.UC1 -- On-Line -- Up 00:00:39 -- 88060 Kbytes

cheetah2@PacMan.onlinedomus.net:dbsauser-> onstat -m

IBM Informix Dynamic Server Version 11.50.UC1 -- On-Line -- Up 00:00:41 -- 88060 Kbytes

Message Log File: /usr/informix/logs/cheetah2.log
23:12:03 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 134, Llog used 1123

23:12:04 'sysmaster' database built successfully.
23:12:05 'sysutils' database built successfully.
23:12:05 'sysuser' database built successfully.
23:12:11 Building 'sysadmin' database ...
23:12:11 dynamically allocated 2000 locks
23:12:12 Loading Module
23:12:13 Unloading Module
23:12:13 Loading Module
23:12:13 'sysadmin' database built successfully.
23:12:13 Logical Log 3 Complete, timestamp: 0x20a1b.
23:12:13 SCHAPI: Started dbScheduler thread.
23:12:13 SCHAPI: Started 2 dbWorker threads.
23:12:13 Checkpoint Completed: duration was 1 seconds.
23:12:13 Wed Jul 16 - loguniq 4, logpos 0x206018, timestamp: 0x214ce Interval: 6

23:12:13 Maximum server connections 1
23:12:13 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 1, Plog used 177, Llog used 2086


Perfect... Instance up and running, without user Informix... ok... I cheated a little bit, because I had previously touched/chmod the rootdbs chunk file and gave group permissions for the $INFORMIXDIR/etc/$ONCONFIG file...


No I will create a normal dbspace and a temporary dbspace. Again, the file creation should be done as user informix. After this let's create the stores demo database...


cheetah2@PacMan.onlinedomus.net:informix-> id
uid=501(informix) gid=501(informix) groups=501(informix)
cheetah2@PacMan.onlinedomus.net:informix-> pwd
/usr/informix/discos/cheetah2
cheetah2@PacMan.onlinedomus.net:informix-> touch dbs1.c1 temp1.c1
cheetah2@PacMan.onlinedomus.net:informix-> chmod 660 dbs1.c1 temp1.c1
cheetah2@PacMan.onlinedomus.net:informix-> ls -l
total 150152
-rw-rw---- 1 informix informix 0 Jul 16 23:18 dbs1.c1
-rw-rw---- 1 informix informix 153600000 Jul 16 23:17 root_dbs.c1
-rw-rw---- 1 informix informix 0 Jul 16 23:18 temp1.c1
cheetah2@PacMan.onlinedomus.net:informix->


And again as user dbsauser:


cheetah2@PacMan.onlinedomus.net:dbsauser-> id
uid=506(dbsauser) gid=506(ixdbsa) groups=506(ixdbsa)
cheetah2@PacMan.onlinedomus.net:dbsauser-> onspaces -c -d dbs1 -p /usr/informix/discos/cheetah2/dbs1.c1 -s 50000 -o 0
Verifying physical disk space, please wait ...
Space successfully added.

** WARNING ** A level 0 archive of Root DBSpace will need to be done.
cheetah2@PacMan.onlinedomus.net:dbsauser-> onspaces -c -d temp1 -t -p /usr/informix/discos/cheetah2/temp1.c1 -s 10000 -o 0
Verifying physical disk space, please wait ...
Space successfully added.
cheetah2@PacMan.onlinedomus.net:dbsauser-> onstat -d

IBM Informix Dynamic Server Version 11.50.UC1 -- On-Line -- Up 00:09:00 -- 88060 Kbytes

Dbspaces
address number flags fchunk nchunks pgsize flags owner name
477787f8 1 0x60001 1 1 2048 N B informix rootdbs
4890fb40 2 0x60001 2 1 2048 N B informix dbs1
487c5e60 3 0x42001 3 1 2048 N TB informix temp1
3 active, 2047 maximum

Chunks
address chunk/dbs offset size free bpages flags pathname
47778958 1 1 0 75000 19181 PO-B /usr/informix/discos/cheetah2/root_dbs.c1
4890fca0 2 2 0 25000 24947 PO-B /usr/informix/discos/cheetah2/dbs1.c1
4889e778 3 3 0 5000 4947 PO-B /usr/informix/discos/cheetah2/temp1.c1
3 active, 32766 maximum

NOTE: The values in the "size" and "free" columns for DBspace chunks are
displayed in terms of "pgsize" of the DBspace to which they belong.

Expanded chunk capacity mode: always

cheetah2@PacMan.onlinedomus.net:dbsauser->


cheetah2@PacMan.onlinedomus.net:dbsauser-> dbaccessdemo stores_demo -log -dbspace dbs1

DBACCESS Demonstration Database Installation Script

Dropping existing stores_demo database ....

Creating stores_demo database ....


So, we have a functional instance with the usual stores_demo database.
Now we need to start the auditing facility... Let's try running onaudit with the dbsauser:


cheetah2@PacMan.onlinedomus.net:dbsauser-> id
uid=506(dbsauser) gid=506(ixdbsa) groups=506(ixdbsa)
cheetah2@PacMan.onlinedomus.net:dbsauser-> onaudit
Onaudit -- Audit Subsystem Configuration Utility


Must be an AAO or DBSSO to run this program.


So, as expected, the instance administrator which in this simple case is also the database administrator for stores_demo can't even run the onaudit utility... Let's change our identity to aaouser and activate the audit facility, but first, let's try to exceed our role... Let's stop the instance!


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> onmode -ky

Must be a DBSA to run this program
cheetah2@PacMan.onlinedomus.net:aaouser->


Sorry... we can't... We're not a DBSA... :)

But we should be able to configure the audit... Check it:



cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> ls -l $INFORMIXDIR/aaodir
total 8
-rw-rw-r-- 1 informix informix 1120 Apr 25 00:42 adtcfg
-rw-r--r-- 1 informix informix 812 Apr 25 00:42 adtcfg.std
cheetah2@PacMan.onlinedomus.net:aaouser-> ls -lia /usr/informix/audit_logs
total 8
457224 d--xrwx--- 2 informix ixaao 4096 Jul 17 23:25 .
456970 drwxr-xr-x 15 informix informix 4096 Jul 17 00:13 ..


No specific ADTCFG file for the engine and no files in the /usr/informix/audit_logs directory, which will be the place to store the audit trail files.
Let's activate the audit facility:


cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -l 7 -e 0 -p /usr/informix/audit_logs -s 50000
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:aaouser-> ls -l $INFORMIXDIR/aaodir
total 12
-rw-rw-r-- 1 informix informix 1120 Apr 25 00:42 adtcfg
-rw-rw-r-- 1 informix informix 1216 Jul 18 00:04 adtcfg.0
-rw-r--r-- 1 informix informix 812 Apr 25 00:42 adtcfg.std

So now, we have the adtcfg.0 (0 is the instance SERVERNUM).


cheetah2@PacMan.onlinedomus.net:aaouser-> ls -lia /usr/informix/audit_logs
total 8
457224 d--xrwx--- 2 informix ixaao 4096 Jul 18 00:04 .
456970 drwxr-xr-x 15 informix informix 4096 Jul 17 00:13 ..
459479 -rw-rw---- 1 informix ixaao 0 Jul 18 00:04 cheetah2.0


And we already have an audit trail file. The suffix is a number which will increment when we change the file (using onaudit or when one file reaches the size we specified.


cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -c
Onaudit -- Audit Subsystem Configuration Utility

Current audit system configuration:
ADTMODE = 7
ADTERR = 0
ADTPATH = /usr/informix/audit_logs
ADTSIZE = 50000
Audit file = 0
cheetah2@PacMan.onlinedomus.net:aaouser->


And we can see the current audit configuration. Take noticed that because we used audit level 7, DBSA and DBSSO actions will be automatically recorded into the audit log. Let's make a test with dbsauser. A simple connect to sysmaster:


cheetah2@PacMan.onlinedomus.net:dbsauser-> id
uid=506(dbsauser) gid=506(ixdbsa) groups=506(ixdbsa)
cheetah2@PacMan.onlinedomus.net:dbsauser-> dbaccess sysmaster <<EOF
select count(*) from sysdatabases;
> EOF

Database selected.



(count(*))

4

1 row(s) retrieved.



Database closed.

cheetah2@PacMan.onlinedomus.net:dbsauser->


and no, let's check the contents of the audit trail file:


cheetah2@PacMan.onlinedomus.net:dbsauser-> id
uid=506(dbsauser) gid=506(ixdbsa) groups=506(ixdbsa)
cheetah2@PacMan.onlinedomus.net:dbsauser-> ls -lia /usr/informix/audit_logs/
ls: /usr/informix/audit_logs/: Permission denied
cheetah2@PacMan.onlinedomus.net:dbsauser-> cat /usr/informix/audit_logs/cheetah2.0
cat: /usr/informix/audit_logs/cheetah.0: Permission denied
cheetah2@PacMan.onlinedomus.net:dbsauser->


Hmmm... what is a DBSA trying to check something only AAO should do?! :)
So, let's now do it with the correct user:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> ls -lia /usr/informix/audit_logs/
total 12
457224 d--xrwx--- 2 informix ixaao 4096 Jul 18 00:04 .
456970 drwxr-xr-x 15 informix informix 4096 Jul 17 00:13 ..
459479 -rw-rw---- 1 informix ixaao 937 Jul 18 00:14 cheetah2.0
cheetah2@PacMan.onlinedomus.net:aaouser-> cat /usr/informix/audit_logs/cheetah2.0
ONLN|2008-07-18 00:14:49.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:STSN
ONLN|2008-07-18 00:14:49.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:OPDB:sysmaster:0:-
ONLN|2008-07-18 00:14:49.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:ACTB:sysmaster:informix:sysdatabases:247
ONLN|2008-07-18 00:14:49.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:ACTB:sysmaster:informix:sysdbspartn:100
ONLN|2008-07-18 00:14:50.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:RDRW:sysmaster:100:1048578:513
ONLN|2008-07-18 00:14:50.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:RDRW:sysmaster:100:1048578:514
ONLN|2008-07-18 00:14:50.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:RDRW:sysmaster:100:1048578:515
ONLN|2008-07-18 00:14:50.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:RDRW:sysmaster:100:1048578:516
ONLN|2008-07-18 00:14:50.000|PacMan.onlinedomus.net|4386|cheetah2|dbsauser|0:CLDB:sysmaster
cheetah2@PacMan.onlinedomus.net:aaouser->


Ah... Ok, now we have the audited data... Let's check it by mnemonic:

1. STSN
   For STart SessioN, showing timestamp, instance, user, PID...
2. OPDB
   For OPen DataBase, showing timestamp, instance, user, database, PID, return code...
3. ACTB
   For ACess TaBle, showing the table, the table owner/schema, the database etc.
4. RDRW
   For ReaD RoW, showing the timestamp, instance, database, table id and rowid
5. CLDB
   For CLose DataBase, showing the timestamp, instance, PID and database...

This simple test shows you the potential that RDRW has to damage your instance performance... A full table scan on a big table will be enough to fill thounsands or millions of audit trail entry lines.

Now, let's create the _default global mask. I'll use user informix to test it.
To start, let's audit the same events we saw in the previous example, but first let's change the audit log:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> ls -ltr /usr/informix/audit_logs/
total 0
-rw-rw---- 1 informix ixaao 937 Jul 20 17:37 cheetah2.0
cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -n
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:aaouser-> ls -ltr /usr/informix/audit_logs/
total 0
-rw-rw---- 1 informix ixaao 937 Jul 20 17:37 cheetah2.0
-rw-rw---- 1 informix ixaao 0 Jul 20 17:40 cheetah2.1
cheetah2@PacMan.onlinedomus.net:aaouser->


And now, with the ssouser, let's create the _default mask:


cheetah2@PacMan.onlinedomus.net:ssouser-> id
uid=507(ssouser) gid=508(ixdbsso) groups=508(ixdbsso)
cheetah2@PacMan.onlinedomus.net:ssouser-> ls -ltr /usr/informix/audit_logs/
ls: /usr/informix/audit_logs/: Permission denied
cheetah2@PacMan.onlinedomus.net:ssouser-> id
uid=507(ssouser) gid=508(ixdbsso) groups=508(ixdbsso)
cheetah2@PacMan.onlinedomus.net:ssouser-> onaudit -a -u _default -e STSN,OPDB,CLDB,ACTB,RDRW
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:ssouser-> onaudit -o -y
Onaudit -- Audit Subsystem Configuration Utility

_default - ACTB,CLDB,OPDB,RDRW,STSN
cheetah2@PacMan.onlinedomus.net:ssouser->


And now, using another user, informix, let's do the same we did before and check the audit trail log:


cheetah2@PacMan.onlinedomus.net:informix-> id
uid=501(informix) gid=501(informix) groups=501(informix)
cheetah2@PacMan.onlinedomus.net:informix-> dbaccess sysmaster < select count(*) from sysdatabases;
> EOF

Database selected.



(count(*))

5

1 row(s) retrieved.



Database closed.

cheetah2@PacMan.onlinedomus.net:informix->


And now, the content of the audit trail:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> ls -ltr /usr/informix/audit_logs/
total 0
-rw-rw---- 1 informix ixaao 0 Jul 20 17:37 cheetah2.0
cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -n
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:aaouser-> ls -ltr /usr/informix/audit_logs/
total 0
-rw-rw---- 1 informix ixaao 0 Jul 20 17:37 cheetah2.0
-rw-rw---- 1 informix ixaao 0 Jul 20 17:40 cheetah2.1
cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> cat /usr/informix/audit_logs/cheetah2.1
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:STSN
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:OPDB:sysmaster:0:-
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:ACTB:sysmaster:informix:sysadtinfo:214
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:RDRW:sysmaster:214:1025:0
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:ACTB:sysmaster:informix:sysaudit:261
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:RDRW:sysmaster:261:1048836:513
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:ACTB:sysmaster:informix:syscrtadt:215
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:LSAM:_default
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:INRW:sysmaster:215:1026:6913
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:ACTB:sysmaster:informix:syscrtadt:215
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|100:LSAM:_default
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:INRW:sysmaster:215:1026:6913
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0:CLDB:sysmaster
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:STSN
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:OPDB:sysmaster:0:-
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:ACTB:sysmaster:informix:sysdatabases:247
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:ACTB:sysmaster:informix:sysdbspartn:100
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:RDRW:sysmaster:100:1048578:513
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:RDRW:sysmaster:100:1048578:514
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:RDRW:sysmaster:100:1048578:515
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:RDRW:sysmaster:100:1048578:516
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:RDRW:sysmaster:100:1048578:517
ONLN|2008-07-20 17:48:24.000|PacMan.onlinedomus.net|8255|cheetah2|informix|0:CLDB:sysmaster
cheetah2@PacMan.onlinedomus.net:aaouser->


You may notice that there are entries referring to two Process IDs. The first (8059) refers to the onaudit command we used first to define the _default mask. The other (8255) refers to the dbaccess process and is similar to the first test we did. So, any change to the audit masks, which must be done by a DBSSO user is automatically audited if we choose a correct audit level (as we did).

Again we see the RDRW mnemonic which is able to cause serious performance issues.
This is a nice opportunity to show you the effect of the _exclude mask. Let's include the RDRW in this mask. But first let's change the audit trail log file again with:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -n
Onaudit -- Audit Subsystem Configuration Utility

Now, with ssouser, let's add the _exclude audit mask:


cheetah2@PacMan.onlinedomus.net:ssouser-> id
uid=507(ssouser) gid=508(ixdbsso) groups=508(ixdbsso)
cheetah2@PacMan.onlinedomus.net:ssouser-> onaudit -a -u _exclude -e RDRW
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:ssouser->


Since we're using audit level 7, this action should have been logged. Let's see how:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> cat /usr/informix/audit_logs/cheetah2.2
ONLN|2008-07-20 18:21:38.000|PacMan.onlinedomus.net|8478|cheetah2|aaouser|0:ACTB:sysmaster:informix:syscrtadt:215
ONLN|2008-07-20 18:21:38.000|PacMan.onlinedomus.net|8478|cheetah2|aaouser|0:CLDB:sysmaster
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:STSN
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:OPDB:sysmaster:0:-
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:ACTB:sysmaster:informix:sysadtinfo:214
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:RDRW:sysmaster:214:1025:0
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:ACTB:sysmaster:informix:sysaudit:261
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:ACTB:sysmaster:informix:syscrtadt:215
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|100:LSAM:_exclude
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:INRW:sysmaster:215:1026:6913
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:ACTB:sysmaster:informix:sysaudit:261
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:INRW:sysmaster:261:1048836:514
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:ACTB:sysmaster:informix:syscrtadt:215
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:CRAM:_exclude
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:INRW:sysmaster:215:1026:6913
ONLN|2008-07-20 18:22:42.000|PacMan.onlinedomus.net|8484|cheetah2|ssouser|0:CLDB:sysmaster



So the DBSSO action was fully logged. Now let's change to another audit log file, and repeat the same dbaccess we did previously with user dbsauser:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> onaudit -n
Onaudit -- Audit Subsystem Configuration Utility

cheetah2@PacMan.onlinedomus.net:aaouser->



and let's see the file contents:


ONLN|2008-07-20 18:23:00.000|PacMan.onlinedomus.net|8486|cheetah2|informix|0:STSN
ONLN|2008-07-20 18:23:00.000|PacMan.onlinedomus.net|8486|cheetah2|informix|0:OPDB:sysmaster:0:-
ONLN|2008-07-20 18:23:00.000|PacMan.onlinedomus.net|8486|cheetah2|informix|0:ACTB:sysmaster:informix:sysdatabases:247
ONLN|2008-07-20 18:23:00.000|PacMan.onlinedomus.net|8486|cheetah2|informix|0:ACTB:sysmaster:informix:sysdbspartn:100
ONLN|2008-07-20 18:23:00.000|PacMan.onlinedomus.net|8486|cheetah2|informix|0:CLDB:sysmaster
cheetah2@PacMan.onlinedomus.net:aaouser->


So, similar to the previous examples, but without the RDRW event.

These examples should give you a very basic feeling on how we set up and configure the auditing facility. Following, I will try to show how to process the audit files, and how we can use SQL to do it.

Using SQL to analyze your auditing information

I have created an SQL file with the CREATE TABLE above, and I will obtain a file in unload format (PIPE separated), with the contents of the audit logs we generated. To do this I will use the onshowaudit utility:


cheetah2@PacMan.onlinedomus.net:aaouser-> id
uid=508(aaouser) gid=507(ixaao) groups=507(ixaao)
cheetah2@PacMan.onlinedomus.net:aaouser-> onshowaudit -l -I -n 0 >audit_logs.unl

Program Over.

cheetah2@PacMan.onlinedomus.net:aaouser-> head -30 audit_logs.unl

ONSHOWAUDIT Secure Audit Utility
INFORMIX-SQL Version 11.50.UC1
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|STSN||||||||||
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|OPDB|sysmaster|||||||0|-|
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|ACTB|sysmaster|214|||||informix||sysadtinfo|
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|RDRW|sysmaster|214|||1025|0||||
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|ACTB|sysmaster|261|||||informix||sysaudit|
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|RDRW|sysmaster|261|||1048836|513||||
ONLN|2008-07-20 17:44:15.000|PacMan.onlinedomus.net|8059|cheetah2|ssouser|0|ACTB|sysmaster|215|||||informix||syscrtadt|
cheetah2@PacMan.onlinedomus.net:aaouser->


As you can see there are 3 annoying header lines at the top. I erased them with vi.
So now, we're prepared to load this into an audit table that we create with the SQL above:


cheetah2@PacMan.onlinedomus.net:aaouser-> dbaccess stores_demo frag_logs.sql

Database selected.


Table created.


Database closed.

cheetah2@PacMan.onlinedomus.net:aaouser-> dbaccess stores_demo -

Database selected.

> load from audit_logs.unl insert into frag_logs;

58 row(s) loaded.

> cheetah2@PacMan.onlinedomus.net:aaouser->



So now, you have a table with all the info collected by the auditing facility. You can then explore it using simple SQL. You can search for specific entries or simply create reports based on it.

Hopefully this will be enough to get you started with the auditing facility, but I'd like to point out several possible problems (with solutions) and a few other considerations.


Possible issues:

1. Versions 9.x, 10.x and 11.x may raise an error like:
   
Onaudit -- Audit Subsystem Configuration Utility

Cannot set audit configuration parameters.
Problem may be caused by lack of permission, bad
parameter values, or bad parameter combinations.

   This error usually relates to the fact that the oninit processes are not running as user root.
   This was done in versions 7.x, but was changed in versions 9.x. If running versions 9.x and versions 10.x you may set a variable called NONROOT_OFF to value 1:
   
NONROOT_OFF=1
export NONROOT_OFF

   before starting the instance. This will force the oninit processes to run as root. The need to run as root derives from the fact that the engine must create the audit log files with specific user/group and root privileges are needed for this.
   At least in IDS 11.50 this doesn't happen if you start your intance using a DBSA user.
   
2. In some IDS versions you may need to explicitly grant privileges on the sysmaster tables to the DBSSO and/or AAO users. The tables are sysmaster:sysadtinfo and sysmaster:sysaudit
3. In some IDS versions, the audit facility will change/create the adtcfg.<servernum> file, but the instance will only look at the adtcfg file on startup. Be sure to confirm your version doesn't have this issue, or if it has, be sure to copy the file generated by the auditing facility to the one used by the instance startup process. In this case you have to do this after each change of the auditing facility configuration
   

Note that on version 11.50 which I used to generate the examples on this article, I didn't notice any of the above issues. I could reproduce the first one only if I start the engine with user informix which I didn't include in the group od DBSAs

Final recommendations

• Test everything in a test environment using the same OS and IDS version you use in production. Some of the changes may cause your system to become unusable or unstable if something goes wrong
• If you think about using the auditing facility for compliance reasons, don't do it without creating full role separation
• If you implement full role separation, be sure that the different teams and/or users are able to work together, and that each one understands the impact of his activity in the overall use of your database instance(s)
• Consider carefully the settings for ADTERR. Informix allows you to choose what to do if you can't register the events on the auditing log. This setting can decide the instance availability
• Think carefully about how to use the auditing logs information. If you intend to use SQL for processing the information, be sure to guarantee that the information can only be managed by the AAO group users. Informix does everything to guarantee the audit logs information security, so you must be sure to guarantee this security after you extract the info and process it. Consider using a different instance and possibly a different machine to process this data
• Understand that the auditing information can be useful for your database administration purposes. To give you an example I help managing a reasonable sized system and the audit facility was the best way to measure some things like:




• We had 11 connections per second
• We execute more than 90 stored procedures per second
• We create more than 6 temporary tables per second
  


• Think very carefully about activating some action mnemonics like RDRW, INRW and DLRW. This can have a dramatic impact on your intance performance. It really depends on which users will use masks with this mnemonics active, and how many DML operations they do.
  
  

References:

• The first part of this article
  http://informix-technology.blogspot.com/2008/02/compliance-role-separation-and-audit.html
  
  
• The IDS 11.50 security manual
  http://publib.boulder.ibm.com/infocenter/idshelp/v115/topic/com.ibm.sec.doc/SEC_wrapper.htm
• The IDS 11.50 list of auditing mnemonics:
  http://publib.boulder.ibm.com/infocenter/idshelp/v115/topic/com.ibm.sec.doc/ids_au_105.html
• Security and compliance solutions for IBM Informix Dynamic Server (Redbook)
  http://www.redbooks.ibm.com/abstracts/sg247556.html?Open
  

Read more »