Staining deck: lessons learned

I cleaned and stained my deck all by myself this summer. The sanding was done last summer, how is that for procrastination! I think I did all right, however there are still a lot of areas for improvements. Hence this note.

  • I used Rymar Xtreme Weather Wood Sealer, 7630 Sienna. My deck needs 4 gallons. My wife ordered 2 gallons initially. I ordered the third one, then had to order one more. It would have been better to have all 4 gallons available. At the time of this writing, if you order more than 1 gallon, shipping is free;
  • I used a deck cleaner. I sprayed it using a small hand-held squirt type sprayer. That wasn’t efficient. I should have used the larger sprayer with a hand pump;
  • To protect plants around deck from deck cleaner, I used plastics I saved from packaging material. It worked fine;
  • For the floor, use a nap roller made out of microfiber, not foamy/spongy stuff. The foamy/spongy roller works better indoors on a smooth surface;
  • To protect the stucco wall, I taped around it. I used two type of 3M tapes: the coarser one seems to work better outdoors. Somebody suggested that FrogTape works better. I think I’ll try it next time. Also, where there is enough space between the deck and the wall, it might be easier and quicker to insert a card board instead of using masking tape;
  • Use drop cloth when I stain poles supporting the tandem room. I didn’t this time and ended up with a few drops on my pavement;
  • I used brush for sticks/pickets/balusters. Next time I may try a small roller, which can make things quicker;
  • Not directly related to staining, but I should have used the right hose for connection to my electric power washer. My hand was greasy and I had trouble taking the head off the good hose, so I used another one. I should have taken the time to get a wrench to get the head off of the good hose and use it instead. The less than optimal hose leaked. I didn’t do as good a job as I could have with the right hose.
  • Don’t paint myself into a corner. It didn’t happen to me, but it’s always to keep this in mind.
  • Wear protective gloves. I didn’t for a short stretch, and got splinter in my middle finger. That wasn’t fun!

Adding attachment to Outlook 2016 email

A couple of months ago Outlook 2016 on my old PC (Windows 10) started misbehaving:

  • Clicking “Attach File” to add an attachment from my PC to an email message;
  • A window would show up. When it worked, I would be able to move the mouse down and click “Browse This PC…”. However, nowadays this window disappears so quickly that it doesn’t give me enough time to click that “Browse This PC…” item!
  • Web search ensued. Some suggested repairing the mailbox, which I’ve done but to no avail;
  • To get around this, open a windows Explorer window and navigate to the location where the attachment is located, drag it to the email window and release it. Viola, attachment added and you’re done!

Hope this helps!

SQL Server best practice: grant permissions to per-service SID

Since Windows Server 2008/Windows Vista, from SQL Server 2008 onward, SQL Server installation process automatically generates per-service security identifier (SID). Whenever possible, it is recommended to grant rights to this service SID for security reasons, instead of your SQL Server’s startup account, which typically is domain user account.

For example, for performance reasons, I always want to SQL Server to have the following rights: Instant File Initialization and Lock Pages in Memory. The former enables instantaneous data (not log) file growth; whereas the later prevents Windows system from paging SQL Server data to virtual memory on disk.

Those rights can be granted via the Local Security Policy application, secpol.msc. Navigate to Security Settings -> Local Policies -> User Rights Assignment, you’ll find them there. Please note that Instant File Initialization is actually called “Perform volume maintenance tasks”.

Before service SID was introduced, I always granted those rights to SQL Server’s startup account. In my case it was typically a domain\user account. With the introduction of service SID, SQL Server’s resource access rights is the sum of both its startup account and service SID. Therefore it is recommended to grant rights to service SID, for obvious security reasons.

To prove that’s the case, let’s conduct the following experiment. For default instance of SQL Server, its service SID is NT Service\MSSQLSERVER. For named instance, its service SID is NT Service\MSSQL$InstanceName. Please note instant file initialization, once enabled, only works for SQL Server data files, not logs.

1. Assume your SQL Server instance is running under a domain\user account without “Perform volume maintenance tasks”;
2. Run the following code:

dbcc traceon(3004,3605,-1)
go
 
create database TestDb
go
 
exec sp_readerrorlog
go
 
drop database TestDb
go
 
dbcc traceoff(3004,3605,-1)
go

Pay attention to the output of “exec sp_readerrorlog”. You should see something similar to this:

2016-05-19 23:39:35.830 spid51 Zeroing C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\TestDb.mdf from page 0 to 1024 (0x0 to 0x800000)
2016-05-19 23:39:35.890 spid51 Zeroing completed on C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\TestDb.mdf (elapsed = 66 ms)

3. Now using secpol.msc, grant your service SID, in my case, NT Service\MSSQLSERVER, the right of “Perform volume maintenance tasks”;
4. Restart SQL Server instance;
5. Repeat step 2, you shouldn’t see entry similar to the one listed above in the error log, indicating that SQL Server has the combined rights of its startup account and its service SID.

By the way, this also applies to data and log folder permissions. Only grant data and log folder permissions to service SID, not its startup account. I have automated that process here.

Happy learning!

Accessing modem status information with Netgear router

If, like me, you bought your own cable modem and Netgear wireless router for Comcast service, the way to access your modem’s status information is different. When using the equipment provided by Comcast, in my case the Technicolor TC8305C, which is a combo of modem, router, and voice, I can easily see modem information while accessing the router page, because it is one device.

To stop paying Comcast’s 10 dollar monthly equipment leasing fee, I purchased my own cable modem and router. I am currently using Netgear Nighthawk R7000. In this combo, to see the modem status information, you need to go to:

http://192.168.100.1

By the way, I am thinking about returning the Nighthawk R7000, for the following reasons:
1. Its web interface is really slow and clunky;
2. Its range, according to this page, is not as good as ASUS;
3. More importantly, when assigning static IP address to a device, the device name cannot be more than 20 characters!

If I do return the Nighthawk R7000, I think I’ll try ASUS RT-AC68U. Do you have suggestions?

Eclipse PDT PHP Web Application Run Configuration

I had some trouble setting up Run Configurations in Eclipse for PHP (PDT plugin). Here is my note for future reference.

Machine: Ubuntu 15 64-bit, with Eclipse Mars. sudo apt-get install php5 installed apache2 for me, so no additional web server install is necessary.

  • Enable userdir mod:
    sudo a2enmod userdir
  • Your /etc/apache2/mods-enabled/userdir.conf should look like this, if not, make it so:
    <ifmodule mod_userdir.c>
            UserDir public_html
            UserDir disabled root
    
            <directory /home/*/public_html>
                    AllowOverride FileInfo AuthConfig Limit Indexes
                    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
                    <limit GET POST OPTIONS>
                            Require all granted
                    </limit>
                    <limitexcept GET POST OPTIONS>
                            Require all denied
                    </limitexcept>
            </directory>
    </ifmodule>
    
    
  • Comment out the user directories section in /etc/apache2/mods-available/php5.conf, like so:
    # Running PHP scripts in user directories is disabled by default
    # 
    # To re-enable PHP in user directories comment the following lines
    # (from <ifmodule ...> to </ifmodule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
    #<ifmodule mod_userdir.c>
        #<directory /home/*/public_html>
            #php_admin_flag engine Off
        #</directory>
    #</ifmodule>
    
  • Create a public_html directory under your home directory;
  • Run sudo apt-get install php5-xdebug;
  • Run sudo apt-get install php5-mysql, as necessary;
  • Modify /etc/php5/mods-available/xdebug.ini so it has the following lines:
    zend_extension=xdebug.so
    xdebug.remote_enable=1
    
  • In Eclipse, create your PHP web application project under public_html in your home directory;
  • In Eclipse, while under PHP Perspective, click the drop down next to the green run button, and select “Run Configurations…”;
  • Create a new configuration for PHP Web Application. Pay attention to the following two things:
    a. In the Server tab, Server section, the PHP Server should be “Default PHP Web Server”, this is fine.
    eclipsePDT1
    b. Click the “Configure…” button, you’ll see this. Fill in proper “Document Root” value, in my case, /home/haidong/public_html
    eclipsePDT2
    c. Click the Debugger tab, and pick “XDebug”
    eclipsePDT3
    d. Go back to the original configuration screen, pick the proper file, and fill in th URL info, like below
    eclipsePDT1

By the way, Happy 2016 all!