Edventures in Normalcy

I recently came across a scenario where I needed to have a mailto: link include additional details, and particularly an email address in the cc field.  You can configure an HTML mailto: link to include a number of fields:

• Basic Mailto: Link
• To:
• CC:
• BCC:
• Subject:
• Body:

The Mailto: Link
The Mailto: Link is a variation of the standard HTML Hyperlink. It invokes the browser to send an email when the ‘href’ attributes value starts with ‘mailto:’ as below.

To: – Setting the email recipient
The To: field is the only required field of a Mailto: link. This is the email address that the generated email will be sent to.

If you wish to add multiple recipients to the To: field (or the CC: and BCC: fields as shown below) separate the addresses with commas (e.g. admin@example.com,end_user@example.com).

CC: – ‘Carbon Copy’ for adding additional recipients
Note: When adding items to your mailto: link make sure to add a question mark (?) after the ‘To:’ field.

BCC: – ‘Blind Carbon Copy’ for adding hidden recipients
You can also add recipients to the email who will be hidden from the To: and CC: recipients within the email message, by using the BCC: field. If you have already added a CC: (or any other element) to your mailto: link, you should include an ampersand (&) before each additional item.

Subject: – Adding subjects to your emails
The Subject: field in your mailto: link  will allow you to set the emails subject.

Note: A mailto: link can not contain spaces.  When adding a Subject: or Body: field use ‘%20’ instead.

Body: – Making an email template
The final variable of a mailto: link is the Body: attribute.  This allows you to set a specific message within the body of the message. You can enter a line such as, “I would like to unsubscribe from this poop.″ with the following:

Summary
A fully formed mailto: link can be very useful! Use it, and be more awesome!!

SmarterStats, and you.  I ♥ SmarterStats, from a usability standpoint as well as from an administrator/troubleshooter standpoint.  The latest iteration is 7.6.4682, as of this writing. Release notes are found here.  After the installation, including the requirement for .NET 4, it will auto open the Getting Started page, likely at http://localhost:9999/GettingStarted.htm.  It seems that in this version, and possibly prior versions, there is a Getting Started video tour.  I am going to chose to Begin Setup.  The screen we are welcomed with is the License Setup Screen.  If you have a license, go ahead and put it in now.  If not, that is fine.  A license can be added into the system after the setup is complete.

In my example, I am deciding to run SmarterStats as the free edition.  After clicking Next, the Create System Administrator screen is shown:

As you can see the password does have some requirements.

• Cannot be left empty
• Must be at least 5 characters
• The Confirm Password field must match the New Password field.

This does allow one to use the password of ‘admin’ sans quotes.  I recommend against this in a production environment.  Making our way to the Next screen, we have the Default System Settings:

The SmarterLogs Path shown is the default, and quite honestly my preference.  This path is important when troubleshooting issues to a specific site.  The Time Zone setting seems to load based on the local time, and can be changed later on.  I believe we also get the option to set this different per site.  Our final screen is the Default SMTP Settings screen.  Here you can configure how SmarterStats sends email messages.  I usually think of this in terms of reports,standard and custom.  This can be configured after the setup is complete as well.  Once ready click Finish.  This article will be updated with links to specific tasks.

This article is essentially a combination of two articles I had read online. One made it easy to find the errors and the other made it easy to find the fix, but I wanted one place where I could find BOTH. What do you need in place in order to use xp_cmdshell? I warn you, there are obvious security risks and implications for going this route. (I’m not recommending usage of xp_cmdshell in general, and frankly have no clue how to use it, but you don’t need to know how to use it to enable it) We first need to think about what happens here, from an architectural level:

A user who has logged in to SQL Server executes xp_cmdshell. For this, SQL Server need to spawn a process in Windows. A process in Windows need to execute in a Windows user account. How does SQL Server know what Windows account is to be used? If the SQL Server login who is executing xp_cmdshell is sysadmin, then SQL Server will use the service account (it will not “pretend to be somebody else” or emulate another user). However, if the login is not sysadmin, then one would need to configure what Windows account to be used (using sp_xp_cmdshell_proxy_account). Note that this configuration is the same for all non-sysadmins. But there’s a little bit more to it than a single setting. Below is an outline of what needs to be done. Step 2 and 3 are only needed if the one who is to execute xp_cmdshell isn’t sysadmin. Note that the steps don’t have to be performed in the order listed below.

We need to allow usage of xp_cmdshell in general (on 2005 or 2008). Use “Surface Area Configuration” or sp_configure to perform this. We need to have a user in the master database which has execute permission on xp_cmdshell. If you are uncertain about the difference between logins and users, you should read up about it in BOL. We need to say what Windows account should be used when a non-sysadmin user is executing xp_cmdshell.

For users that are not members of the sysadmin role on the SQL Server instance, as mentioned above, you need to do the following actions to grant access to the xp_cmdshell extended stored procedure.

Below are the Errors thrown and the TSQL script correcting said error, that enables this:

(1) Enable the xp_cmdshell procedure

*Msg 15281, Level 16, State 1, Procedure xp_cmdshell, Line 1 SQL Server blocked access to procedure ‘sys.xp_cmdshell’ of component ‘xp_cmdshell’ because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of ‘xp_cmdshell’ by using sp_configure. For more information about enabling ‘xp_cmdshell’, see “Surface Area Configuration” in SQL Server Books Online.*
Fix:

(2) Create a login for the non-sysadmin user that has public access to the master database

*Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 1 The EXECUTE permission was denied on the object ‘xp_cmdshell’, database ‘mssqlsystemresource’, schema ‘sys’.*
Fix:

(3) Grant EXEC permission on the xp_cmdshell stored procedure

*Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 1 The EXECUTE permission was denied on the object ‘xp_cmdshell’, database ‘mssqlsystemresource’, schema ‘sys’.*
Fix:

(4) Create a proxy account that xp_cmdshell will be run under using sp_xp_cmdshell_proxy_account

*Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 1 The xp_cmdshell proxy account information cannot be retrieved or is invalid. Verify that the ‘##xp_cmdshell_proxy_account##’ credential exists and contains valid information.*
Fix:

Leverage browser caching

• The following cacheable resources have a short freshness lifetime. Specify an expiration at least one week in the future for the following resources:

With a note of: (expiration not specified)

To deal with this, I added the following to my .htaccess file:

This is a modified version of what I saw recommended.  The original as I found it was:

However I had a plugin that added the ‘Header unset ETag’ and ‘FileETag None’ lines.  I found the code here, and you can read up on mod_expires here.  It is good to note that although the message recommends at least 7 days, Google has a  best practices guide found here that recommends 30 days as a minimum.

Edgecast Rules based on Hostname or IP Address, only if you have a common naming convention for the Directory Name, for example:

prefix1_example.net
prefix2_example.org

You can then create a rule:
IF ‘URL Path Directory’ ‘Matches’ Value:
/123456/prefix1_* (I used 123456 in place of the CDN origin path, update this to your settings) ‘Ignore Case’, ‘Relative To’:’Root’
then you can group by prefix on folder name, and have rules for them that way.

Sometimes you want to move a database between hosts, this is an easy way to cut down on the clutter created in the process, is to output the backup directly to the new host.

Slash versus Backslash, I saw this image, after googling,

Make sure you give the user sufficient permissions to the DB they are being given access to, typically being db_datareader, db_datawriter, db_ddladmin, and public.

There is also a SQL statement you can run:

I have not tested this script, use at your own risk.  In my example, I give the last two roles that seem to be not included in scripts mentioned on other sites.

A friend pointed me to this as an option, when trying to find out exactly what is going on with apache, you can run this:

“This one-liner will use strace to attach to all of the currently running apache processes output and piped from the initial “ps auxw” command into some awk.” This has been rewritten to make it a little more flexible with finding the running process, as the original only searched for sbin/apache, and on my server, apache is run from an odd location.