Brookson One umbrella company

Having had my first experience with an umbrella company, I can only say I am not impressed with my first choice, Brookson.

I am now on my eleventh week with Brookson, as an “employee” with an employment contract, weekly pay and holiday allowance.

Except I still haven’t been paid a penny!

Eleven weeks… The first 6 weeks I could barely find anyone to speak to at Brookson. When I did manage to get hold of anyone on the phone, I was always promised they would look into it and call me back, but nothing ever happened. And forget emailing them, despite promises on their website.

Eleven weeks without pay!

Someone did eventually start looking into the pay issue but gave up completely after a few weeks. As I have no prospect of getting paid by Brookson for my last couple of month’s work, not without legal intervention anyway, I will be leaving them.

And their legal team is away with the fairies. Despite my employment contract saying I will be paid at least monthly, and having no clauses attached to that, they insist that they are not in breach of contract. Did I mention eleven weeks without pay?

I also had someone call me who claimed that they were just a payroll company so had no duty to pay me or make sure I get paid. This is despite my only having a contract with them, no-one else, a contract that not only say “Employment contract” but also say that I will get paid.

Avoid at all cost.

Posted in Work/Legal | Tagged , | Leave a comment

AIX IRC channel moving home

Due to the spat over on Freenode, ##aix has (at least for now) setup camp on Libera IRC network.

Please join us!

Freenode spat here:

https://gist.github.com/joepie91/df80d8d36cd9d1bde46ba018af497409

Posted in Uncategorized | 2 Comments

Org-mode plan for IBM ESS upgrade

I was convinced to start using Emacs Org-mode back in January, and have not regretted it. Still learning, and there is much to learn, but I have the basics down.

As I manage some IBM Spectrum Scale (ESS) GPFS clusters, and I was facing the dreaded task of upgrading them, I decided to create and Org-mode plan and I went along.

Always remember that IBM publishes an ESS upgrade document for every specific version, and that must be followed, but this Org-mode plan stream-lines the process and helps you keep track of process and makes sure you don’t miss a step. It comes with commands and URLs to help you with each task.

This Org-mode plan is specifically for an online 5.6.3.2 upgrade on a PPC64LE system without HMC.

http://www.aixperts.co.uk/Org-mode/ESS_Upgrade.org

Hope it helps.

Posted in ESS | Tagged , , , , , | Leave a comment

NDB – Network Block Device setup

I have been trying to setup NBD to present a shared storage device for me to play around with Xen live mobility. NBD is not tricky, but the documentation, both official and Google, is flawed and confusing.

To get a basic device working and mounted, follow the simple guide below.

Setup a basic config file /etc/nbd-server/config

[generic]
user = nbd
group = nbd
listenaddr = 2021:85b:2d9:1::101
allowlist = true

[grafana-root]
exportname = /dev/rootvg/nbdlv

allowlist is not stricly necessary, but it helps being able to list exported devices from the client end whilst configuring all this. Maybe remove it afterwards…

The main thing to take note of in the server configuration is the section heading which contains the device on the server to export. The section heading is what the client sees and connects to. Furthermore, the nbd-client man page appears to be incorrect, so go by the nbd-client usage text which says:

Usage: nbd-client -name|-N name host [port] nbd_device

so the correct way to connect to the device exported is:

nbd-client 2021:85b:2d9:1::101 10809 /dev/nbd0 -N grafana-root

/dev/nbd0 is a device on the client which you can choose from amongst what you can see with the listing ls /dev/nbd*.

From the client, you can see what is exported by the command

nbd-client -l 2021:85b:2d9:1::101

Negotiation: ..
grafana-root

If you get the error

Error: Cannot open NBD: No such file or directory
Please ensure the 'nbd' module is loaded.
Exiting.

you need to load the module for nbd-client: modprobe nbd

If you get the following error

Negotiation: ..Error: Unknown error in reply to NBD_OPT_GO; cannot continue

Is is because you have missed out the -N option with the share name in the command. Despite this option being mandatory, nbd-client doesn’t enforce it and the man page doesn’t even mention the option. Poor form. Or maybe it is because you can specify it in nbdtab, I have not looked in to that.

Generally, nbd is badly documented and has some bugs, not great. But once it is up and running, it is ok.

Posted in Linux | Tagged , , , | Leave a comment

NIM alt_disk_migration and p6 processor mode

I was trying to do a NIM alt_disk_migration on a POWER7 LPAR form AIX 7.1 to 7.2 but the nimadm scripts kept stalling, but without outputting anything interesting, even in debug mode.

In the end I gave up and tried booting the LPAR over the network to do a migration upgrade, but after picking up the kernel from the NIM server, I received this message:

   --> ERROR: This system is not supported for use with AIX 7.2. <--
   model: IBM,9119-FHB        processor: PowerPC,POWER7 (in P6 mode)


           AIX 7.2 requires the POWER7 (or later) processor.
                  This system is operating in P6 mode.

I had to power the LPAR down, go in to the saved profile and change the compatibility mode back to default:

There you go, migration upgrade running…

Posted in AIX | Tagged , , , , , , , , , | Leave a comment

Updating fileset in lpp_source on NIM

If you update your NIM server to a new TL level and you do alt_disk migrations from this NIM server on client servers on lower levels, you need to update the bos.alt_disk.boot_images fileset in both the LPP sources and SPOTs you intend to use.

Say you have downloaded the TL level for your upgraded NIM server to /nim/lpp_source/lpp_source_AIX7204-02 and the older TL level you still want to be able to migrate clients to is 7.2 TL2, then you need to update the bos.alt_disk.boot_images fileset like this:

nim -o update -a packages=bos.alt_disk_install.boot_images -a source=/nim/lpp_source/lpp_source_AIX7204-02 lpp_source_AIX7202-02

List the updated fileset:

nim -o showres lpp_source_AIX7202-02 | grep bos.alt_disk

Now add to the SPOT from the LPP source:

nim -o cust -a filesets=bos.alt_disk_install.boot_images -a lpp_source=lpp_source_AIX7202-02 GOLD_AIX7202-02

And check again:

nim -o showres GOLD_AIX7202-02 | grep bos.alt_disk

Your SPOT should now be operational for alt_disk migrations again.

Posted in AIX | Tagged , , , , | Leave a comment

Only shadow left after exiting sketch in SolidWorks

After upgrading SolidWorks to 2020/21, leaving a sketch left only the shadow on the ground. Hovering the mouse would still show plane outlines in orange though.

It turned out to be caused by a graphics performance setting. Disable “Enhanced graphics performance” and it started working again.

Posted in Software | Tagged , , , | Leave a comment

X11 Forwarding problems

Trying to debug and simultaneously trawling Google for a non-trivial version of this issue:

$ xclock
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).

I finally cracked it. This was from the outset clearly not your usual xauth list and xauth add issue, nor an issue with the hostname though it did look like a potential candidate at some point.

.Xauthority was clearly updated correctly, so I ended up creating a test user, which worked fine, and here is what I eventually found:

$ unset LDR_PRELOAD LDR_PRELOAD64

These two environment variables broke anything X-related. You can even tell the X library uses those variables by setting it to garbage:

$ xclock
exec(): 0509-036 Cannot load program xclock because of the following errors:
0509-150 Dependent module Tuppence could not be loaded.
0509-022 Cannot load module Tuppence.
0509-026 System error: A file or directory in the path name does not exist.

Unesetting, and it all works fine.

Posted in AIX, Software | Tagged , , , | Leave a comment

When you “can’t” delete a user in MacOS

Or “How to get rid of the first user ever created”, this is about getting dscl error 14120 when trying to delete a user.

I bought a second hand Mac mini which came re-installed but with a user called “User”. After setting up my own admin user, I wanted to delete the original user, which proved to be a bit of a challenge.
Speaking to people or Googling didn’t really get me much closer in a hurry. MacOS users seem to be half-way in between Windows and Linux users when it comes to the “Just re-install” attitude, and people seemed to believe that as long as I was admin myself, I should just be able to delete this user.

That was clearly not the case. Even disabling admin for the user, and setting a new password got me no-where using the GUI. I just prompted with a weird message asking me to type in their password, but it always failed saying their password was wrong, even though it wasn’t.

So, let’s define the axioms for this problem as far as I found out:

  • The first user created is an admin user
  • The first user created is assigned a Secure Token
  • You must have at least one admin user on the system
  • You must have at least one user with a Secure Token

and

  • Subsequent admin users are not assigned Secure Tokens
  • Only a Secure Token user can assign Secure Tokens to other users

To resolve this problem, you need to assign a Secure Token to your own admin user, then delete the other user.

NOTE: The following was done after re-enabling admin on the Secure Token user and being the root command line user.

Trying to attack this problem from the command line got me the following error:

Macmini:Default root# dscl . -delete /Users/user
<main> delete status: eDSPermissionError
<dscl_cmd> DS Error: -14120 (eDSPermissionError)

Having a look around, I found this:

/private/var/db/dslocal/nodes/Defaults/secureaccesstoken.plist

Which lead me on the right Google track.

Macmini:Default root# plutil -p secureaccesstoken.plist 
{
"SecureAccessToken" => {length = 124, bytes = 0x307a8001 008120c1 3970b7ef 87515773 ... f52d75ef a35363a6 }
}

Reading about secure access tokens lead to the sysadminctl command, with which I tried once again to delete the user. This gave me much more informative error:

Macmini:Default root# sysadminctl -deleteUser User -adminUser ADMIN -adminPassword PASSWORD 
2020-06-21 08:56:28.479 sysadminctl[937:15957] User User can not be deleted (it's either last admin user or last secure token user neither of which can be deleted).

Aha! There you go, so, the usage text for ‘sysadminctl‘ listed the -secureTokenOn option:

morsing@Macmini nodes % sudo sysadminctl -adminUser User -adminPassword PASSWORD -secureTokenOn morsing -password PASSWORD
Password:
2020-06-21 14:15:34.072 sysadminctl[527:5170] - Done!

And then it was simple to delete the original user:

morsing@Macmini nodes % sudo dscl . -delete /Users/user

P.S. If you get this error, it is because your Secure Token user isn’t admin:

sysadminctl[1529:37416] setSecureTokenAuthorizationEnabled error Error Domain=com.apple.OpenDirectory Code=5101 "Authentication server refused operation because the current credentials are not authorized for the requested operation." UserInfo={NSLocalizedDescription=Authentication server refused operation because the current credentials are not authorized for the requested operation., NSLocalizedFailureReason=Authentication server refused operation because the current credentials are not authorized for the requested operation.}

And if you get this error, it is because the password for the Secure Token user is wrong:

sysadminctl[1081:27166] Operation is not permitted without secure token unlock.

Posted in Darwin, MacOS | Tagged , , , , , , | Leave a comment

Update Windows System Partition to point to new install

I cloned an SSD disk to a bigger disk using EaseUS Todo Backup, not realising I really needed their Partition Master software. All their software is pretty awesome by the way.

When I tried to boot from the cloned disk, it kept booting Windows on the old disk, a bit like when the LILO/GRUB points to an installation on a different disk.

I started looking in to the Windows world of booting, which uses a 100MB UEFI System Partition at the beginning of the disk to hold boot information. It can even be used for a dual-booting menu for different Windows versions.

To fix my problem, however, I needed to update the cloned system partition to point to the new cloned disk rather than the old one. Here’s how simple it is:

c:\> bcdboot B:\Windows /s E:

B: being your clone Windows SystemRoot and E: being the cloned system partition you want to update. B: and E: obviously varies. You can optionally add /f <firmware type> but I don’t think it matters if you are on the same system the disk will be used in.

The man page for this command can be found below.

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bcdboot-command-line-options-techref-di

Posted in Windows | Tagged , , , | Leave a comment