My Tech Notes and Stuff

2011-08-10T22:27:00.000-05:00

How To Form A Nonprofit Public Charity In About 1 Year

posted Aug 6, 2011 8:36 AM by Paul Valentino [ updated 8 hours ago ]

It all started with an idea in the year 2010 at VMworld in San Francisco as outlined on the page:http://www.vcommunitytrust.org/origins

Even though we knew very little about nonprofit organizations we were confident that we would be able to figure things out with the help of the community. We were right; people like @clinek, @SirStan and others came forward to help review our 1023 Application as well as other business documentation. As a result of this assistance we were able to avoid many common pitfalls that companies face when starting a nonprofit organization. Also, keep in mind that the majority of our efforts were coordinated through social media such as twitter and facebook and continue to be to this very day. We have board meetings using Skype due to the distributed nature of our team; we use twitter, facebook, blogging and google apps extensively for providing updates, collaborating on documentation or disseminating information. We've even had the great pleasure of participating in a podcast with our good friend @Niketown588. We would not and could not exist in our current form without these social media resources.

The Office of the Secretary of State and MN Council of Nonprofits websites proved to be key resources for helping to determine requirements for establishing a nonprofit corporation in Minnesota. A wealth of information for establishing a 501(c)(3) nonprofit organization was also found at the IRS web site. Furthermore, one of the greatest forms of assistance came from reviewing examples of other nonprofit 1023 applications, Articles of Organization and Bylaws. Many were found on the web, by request (public charities must provide copies of certain documents for a small fee upon request if they don't already publish them online) and by friends who are members of private foundations and public charities. Of course, we needed to apply our own business plan and mission when drafting our business documents but the examples provided a wealth of direction for satisfying all of the required elements, especially in the case of the attachments to the 1023 Application.

After choosing our name we needed to confirm that it was available. Although it was only required that the name be available in MN, we did a more extensive search to ensure that we wouldn't have any conflicts with naming for companies in other states or countries. We also made sure that we wouldn't have any issues with registering our domain name. To confirm availability in MN we used the Name Availability tool on the Secretary of State website. Once we felt comfortable that we wanted to move forward with the name we filed a name reservation form online with the required fee of $45.00 at the time of our filing September 20, 2010. We also filed for our EIN online with the IRS being careful to follow the instructions for a nonprofit.

We then spent the next three days researching the requirements for a nonprofit organizations Articles of Organization and Bylaws keeping in mind that we intended to apply for 501(c)(3) tax exempt status with the IRS. Amazingly, we had a fully drafted and reviewed set of documents which we submitted on September 23, 2010 with the $80.00 fee and obtained our Certificate of Incorporation as a Minnesota nonprofit formed under 317A on September 24th. The key thing to remember with your business filing is that it must be renewed every year to maintain a nonprofit status; in our case we must go to the Minnesota Office of the Secretary of State siteOnline Annual Renewal Filing page to stay current with our filing (No fee required unless a name change, address change, or registered agent change dictates an Amendment to Articles and associated $45 fee is required for online filing). Similarly, we must file form 990 annually with the IRS and may be eligible to file e-postcard990-N if donations remain below $25,000 per year.

Articles of Incorporation

Bylaws

At this point the fun began. We spent the next three months completing the 1023 Application for 501(c)(3) and the associated attachments. When you view the document links below it will be fairly obvious why three months were required, especially considering that we are full-time employees and were doing as much as we possibly could in the off hours (wee hours of the night). With business plan in hand and all the examples we could muster out of the interwebs as well as friends, we plugged away and were able to file on January 11, 2011 with the required $400 fee (fee could be larger for company expecting greater income). Then the waiting game began; the IRS processes 1023 Applications on a first come first serve basis so the time to wait will vary based upon volume of applications.

1023 Application and Attachments

Now it is worth noting that even if you file the appropriate change of address forms with the IRS, the department processing your 1023 application wont get that update and inevitably continue sending notifications to your old address, so be sure to send a copy of any change of address forms to the address you sent the 1023 Application to, or if you've already been assigned an agent you may send them a fax with the information (Can you tell that we don't know this from our personal experience :-). Once our agent was assigned, the process was rather painless as she proved to be very helpful. We simply needed to file one Amendment for Article IV (If you copy the verbiage from this Amendment rather than using what we submitted in original Articles above you can save this step and the $45 fee that goes with it) and answer a few simple questions. Once we faxed all the information back it was only a matter of a couple of weeks before we received our letter of determination. Once we did receive the letter it was only a matter of a couple days after providing the required documents to the merchants before we got our Donation buttons up and running again for both Google Merchant and PayPal.

1023 Responses

Amendment to Article IV required for response

Yay! On August 4th, 2011 the LOD arrived stating we are officially a tax exempt nonprofit public charity.

Letter of Determination

Some other considerations were the creation of a website and establishing nonprofit merchant accounts for accepting donations. We chose Google Sites and Google Apps in an effort to ensure no monthly administration fees and for its ease of use. So far we've been perfectly willing to accept the limitations for customization of our site because we'd much rather not have to rely on public donations to cover any expenses other than certification and training costs. In hindsight, it would have been better to wait for our letter of determination before establishing merchant accounts because they ended up disabling our ability to accept donations shortly after we were setup because we did not have a letter of determination yet. It did not help matters that we sent all of our filings and a copy of our submitted 1023 Application to the merchants either.

We wanted to ensure that public donations would primarily service the needs of the candidates and we're proud to say that less than $30 of our donations to date have been used for administrative expenses. The board of directors contributed all of the fees for the 1023 Application and all of the business filings; we only needed to utilize a small amount of the donations to obtain certified copies of our business documents for banking purposes. This is also a factor for choosing not seek paid professional services but rather volunteer professional services. Our primary purpose is to further the cause of education and get people certified in a way that ensures real world success; therefore, we gratefully accept volunteer assistance from qualified professionals to meet our goals.

We hope you find this information useful and of value. If so, please consider making a financial, software, and/or hardware donation. Every contribution helps tremendously.

http://www.vcommunitytrust.org/donations

Regards,

Paul Valentino - Chairman

vCommunity Trust Inc.

@vcommunitytrust

@sysxperts

2010-10-05T14:31:00.003-05:00

Please donate to vCommunity Trust Inc. to help the economically challenged to obtain their technical education and certification

2010-08-06T22:23:00.000-05:00

2010-08-06T22:20:00.001-05:00

2010-07-15T21:01:00.006-05:00

Finding potentially unused IP addresses or invalid DNS

2010-07-15T20:34:00.010-05:00

Disco Dancing with iTach

2010-07-08T13:41:00.006-05:00

Likewise Open Tips

2010-07-07T16:28:00.000-05:00

Finding unused IP addresses and invalid DNS entries

The method used in the example below will not help eliminate all invalid DNS entries or find IPs that are live yet unused, however, it will provide a fairly efficient means of finding unused IPs that are not pingable at the moment and provide a list of potentially invalid reverse lookup entries which in turn would also give you clues you need to start looking for invalid A records, etc.

For this example I am going to assume we want to find unused IP addresses and potentially invalid DNS entries for the network range 192.168.1.1-100

From the prompt of your linux host with nmap installed run:

nmap -v -sP 192.168.1.1-100|grep down |for i in `awk '{print $2}'`;do host $i;done

nmap -v -sP 192.168.1.1-100 performs ping scan and returns status for specified range
grep down - filters the list to only return non-pingable hosts
for i in `awk '{print $2}'` - filters the list further to only return the IP addresses in a loop to do the host [ip address] lookup for each IP returned

One could easily substitute host with nslookup or dig but I chose host to streamline the output for readability.

Bottom line is that if you see output similar to the following:

Host 5.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Then you can probably safely use 192.168.1.5 for a new device and DNS entry although it would be safer to scan the DNS table by IP for forward lookup entries first.

On the other hand, if you see output similar to:

5.1.168.192.in-addr.arpa domain name pointer name.domain.com

Then you most likely have a system that is shutdown at the moment which uses that address or an invalid/outdated DNS entry to clean up.

One could easily schedule this command to run with cron and send output to an email or ticketing system for regularly scheduled DNS maintenance

2010-06-21T07:30:00.004-05:00

2010-05-25T12:15:00.003-05:00

Generate Wildcard SSL for Apache 2.x using OpenSSL

openssl req -new -newkey rsa:2048 -nodes -keyout star.domain.key -out star.domain.csr

Convert an Apache Cert and Key to IIS format

openssl pkcs12 -export -out star.domain.pfx -inkey star.domain.key -in star.domain.crt

Import Key into IIS from pfx format:

Start > Run
Type in MMC and click GO
Go into the Console Tab > select Add/Remove Snap-in
Click on Add > Double Click on Certificates and click on Add > OK
Select Computer Account
Select Local Computer
Click the + to Expand the Certificates Console Tree
Right click on the Personal Certificates Store
Choose > ALL TASKS > Import
Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
If you are asked what you want to do with the current certificate on the site, choose to remove it, finish the wizard, and click the server certificate button to run the wizard again.
Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported and supply the password used to create the pfx file.
Finish the certificate wizard.
Restart the server.

Extract values within quotes from com...

2010-05-21T10:28:00.001-05:00

Extract values within quotes from command output on Linux using perl

For example:

To obtain all values within quotes from the output of a jstack command you could

./jstack <pid> |perl -lne 'print $1 if (/"(.*)"/)'

and if you wanted a count of how many quoted values there are

./jstack 23545 |perl -lne 'print $1 if (/"(.*)"/)' |wc -l

Oracle on Linux RMAN from Netbackup t...

2010-05-06T13:06:00.001-05:00

Oracle on Linux RMAN from Netbackup to Avamar Backup Client

I recently migrated some Oracle 10g and 11g RHEL 5 VM’s and Physical boxes from Netbackup based clients to Avamar clients with the RMAN plugin. I will create a separate post regarding automation of the AvamarClient setup and focus on the RMAN configuration for event/client driven backup here.

First thing I did before automating any of the processes was to download the required docs and binaries from the Avamar web interface. There is a Documents and Downloads link at the bottom of the page of the following sample url:

http://avamarservernameorip

Then I downloaded the Avamar Oracle Client User Guide and the appropriate binaries for the platform from the right hand column, for example:

AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm
AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm

Also, ask your friendly EMC Avamar installer to provide a copy of AvOracleRMAN.pdf and AvOracleDatabasePrep.pdf which provide a lot more detail than the Client User Guide.

Installation and registration of the Avamar Client

1. As root cd to location of downloaded rpms
2. Type rpm -ivh AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm
3. Type /usr/local/avamar/bin/avregister
4. Enter the fqdn of the Administrator server when prompted [avamarserver.domain.com]
5. Enter the Avamar server domain [clients] when prompted
6. The Avamar Client installation is now complete

Installation of the AvamarRMAN Plugin

1. As root cd to location of downloaded rpms
2. Type rpm -ivh AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm
3. Update iptables with following rules to allow secure backups and also update any firewalls to allow backup through these ports:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 28002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 27000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 29000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 8672 -j ACCEPT
4. Create a new user account that will have access to backup/restore jobs on the domain containing the Oracle backup jobs using the Avamar Administrator Console.
5. Create a my-avtar-flags.txt file for linux in /usr/local/avamar/bin containing:
–pidname=Oracle
–pidnum=1002
–logfile=/usr/local/avamar/var/avtar.log
–vardir=/usr/local/avamar/var
–id=[userid from prior step]
–ap=[password from prior step]
–path=[/domain/oracleservername]
–expires=[number in days]
6. Create RMAN scripts (avorabackup and avorarestore) that can be launched with cron or scheduler of your choosing, examples below:

launch this example backup script from a file named avorabackup as follows:

rman target / nocatalog @avorabackup

run {
configure device type sbt clear;
allocate channel c1 type ‘SBT_TAPE’ PARMS=”SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)” format ‘%d_%U’;
send ‘”–flagfile=/usr/local/avamar/bin/my-avtar-flags.txt” ‘;
send ‘”–sysdir=/usr/local/avamar/etc” “–bindir=/usr/local/avamar/bin” “–vardir=/usr/local/avamar/var”‘;
configure retention policy to recovery window of 10 days;
configure retention policy to redundancy 2;
backup database plus archivelog;
delete noprompt obsolete;
crosscheck backupset;
release channel c1;
}

launch this example restore script from a file named avorarestore as follows:

rman target / nocatalog @avorarestore

run {
allocate channel c1 type ‘SBT_TAPE’ PARMS=”SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)” format ‘%d_%U’;
send channel=’c1′ ‘”–flagfile=/usr/local/avamar/bin/my-avtar-flags.txt” ‘;
send ‘”–sysdir=/usr/local/avamar/etc” “–bindir=/usr/local/avamar/bin” “–vardir=/usr/local/avamar/var”‘;
restore database;
recover database;
release channel c1;
}

NTP Update PoSH for ESX

2010-04-23T01:10:00.001-05:00

NTP Update PoSH for ESX

$Cluster = "<cluster name>"

$Hosts = Get-Cluster $Cluster | Get-VMHost

ForEach ($Host in $Hosts)

{

Remove-VmHostNtpServer -NtpServer "x.x.x.x" -VMHost $Host | Out-Null

Add-VmHostNtpServer -NtpServer "ntp0.sysxperts.com" -VMHost $Host | Out-Null

Add-VmHostNtpServer -NtpServer "ntp1.sysxperts.com" -VMHost $Host | Out-Null

Get-VMHostService -VMHost $Host | Where-Object {$_.key -eq "ntpd"} | Restart-VMHostService Confirm:$false | Out-Null

write "NTP Server was changed on $host"

}

Enabling a VirtualBox Win7 guest to connect to 8021x

2010-04-13T13:46:00.003-05:00

Enabling a VirtualBox Win7 Guest to Connect to 802.1x Corporate Network

Disable everything but the VirtualBox Bridged Networking Driver on the interface connected to the corp. LAN and also disable authentication as this will be handled by the guest OS.

Disable VirtualBox on the interface connected to your Internet enabled network

Create 1 bridged interface and 1 host only interface on your VirtualBox Guest under Virtual Box Settings then power on Guest and go to Network Connections to verify

On the bridged interface you will enable authentication for 802.1x and edit settings as follows.

Settings - edit servernames with your own Domain Controllers/802.1x auth providers

Additional settings - Set to User Authentication and replace credentials with your Domain auth in the form DOMAINNAME\username

On the Host Only interface set it to a static IP in the same range as that which is configured on the Host as shown under File > Preferences > Network

Now you should be able to join your Windows 7 guest to the domain and access corporate resources with 802.1x authentication.

And your shared local drive too if you added under Devices > Shared Folders

Enabling a VirtualBox Win7 guest to connect to 8021x

2010-04-13T13:46:00.001-05:00