Blog | jim80.net

So, one of my admin colleagues, Sean, decides to write up some nerdy-lyrics to a rap song, and I thought it’d be a colourful addition to this blog.

This is the first verse to KRS-One – Build Ya Skillz. Lyrics possibly NSFW.

Sean-One – Log Ya Mods
2010 erplefoo industries (erplefoo@gmail.com )

Check, I control your realm with one password I speak
And spread your auth all over like a raid level 5’s disk seeks
Admins get kicked in they mouth with cleats
Kuz their plans failed to reach servers at the beach
Have a seat quick, I’ll set up your account bits, time to complete shit
Looks like I need to reset shit, I mean set perms properly
I can feel myself becoming an admin monopoly
Others will copy mtree but apply my shit sloppily
Shocking me with static straps not entirely attached to me
Electroshock it seems to be
My true identity is never meant to be
Exposed in the sun that shit’s bright daily

(chorus)

But admins mod too much shit and fuckin’ forget to log it
LOG YOUR MODS
Admins talk too much shit
And send quotes up to reddit
LOG YOUR MODS

You can follow Sean on Twitter at @sdfoo

You will not always see 100Mbps upload/download speeds even with a 100Mbps port. Much of the slowdown occurs because as packet travel distance increases, so does latency, which has a large detrimental effect on large file transfers. For smaller files, like those associated with not-too-graphical web pages, this has less impact. Without getting too technical, this is because file transfer protocols that use TCP require that the recipient respond with confirmations of data received, and this is one reason that file transfers over longer distances are slower, in direct proportion with increased the increase in response times.

See http://www.internetworkexpert.org/2008/12/19/how-to-calculate-tcp-throughput-for-long-distance-links/ for a more in-depth discussion on this.

Most download accelerators are able to increase transfer rates by simply employing multiple TCP pipes that dump into the same file. This doesn’t solve the TCP window size problem, but takes advantage of what the uplink is capable of handling. Most modern browsers do this automatically, so download accelerators are really not a necessity any more.

You may wish to optimize your per-TCP connection transfer rates though. To do so, determine your optimal TCP window size based on the expected latency of your most bandwidth intense client-base (see the calculator at the above link). Then, based on that, adjust your TCP/IP stack to adjust below:

To tweak Windows 2008 TCP Window Scaling, please refer to the following:
http://www.minasi.com/newsletters/nws0802.htm
http://www.msfn.org/board/heres-why-tcpwindowsize-does-not-work-vista-t87969.html
Note that Windows 2008 doesn’t allow you to tweak settings like 2003 did. You can make the system adjust it “more aggressively,” but you can’t hard code numbers in.

To tweak Windows 2003 TCP Window Scaling, please refer to the following:
http://articles.techrepublic.com.com/5100-10878_11-5034413.html
You may wish to also try: http://www.speedguide.net/tcpoptimizer.php

To tweak Linux TCP Window Scaling, please refer to the following:
http://www.speedguide.net/read_articles.php?id=121

Note that many other factors come into play for bandwidth calculation. In a hosting environment, your server must compete with other servers in the data center to reach the core routers and from there, must concentrate in various nodes and exchanges to reach a packet’s destination. Along the way, routers must prioritize and queue packets for transmission. We can check the health of this process by performing a traceroute between “slow links.” Network congestion at any one of these nodes can reduce overall transfer rate. On either one of the endpoints, disk I/O, or other system stress may be a bottleneck.

All in all, an 100Mbps, or even an 1000Mbps uplink will not provide transfer rates greater than what the network fabric in between the source and destination can handle, and not greater than what the server / client can negotiate within the TCP pipe.

This post was originally posted by me at http://forums.serverbeach.com/showthread.php?t=6411.

I’ve edited out the ServerBeach specific stuff and will post pictures…. soonish.

The following link has some great pictures not included here. http://sqlblog.com/blogs/john_paul_c…h-hyper-v.aspx

I’ll add some nice little pictures here once I get some screenshots together.

CONFIGURE HYPERV

1. Configure an “Internal” HyperV network
2. Set each Virtual Machine to use the Internal network and assign them and your HyperV host on the correct subnet (in this example 10.0.0.1 for the host and 10.0.0.10 for the VM).

ENABLE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE

1. Click -> Start -> Administrative Tools -> Routing and Remote Access
2. Right Click on Server#### (local) -> Configure & Enable Routing & Remote Access
3. Click -> Next on Welcome Window
4. Select Custom Configuration Click -> Next
5. Select NAT Click -> Next
6. Select your public interface
7. Select your Internal HyperV interface
8. Select “I will set up name and address services later” Click -> Next
9. Click -> Finish

CONFIGURE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE

1. Routing and Remote Access should be running on the server now
2. Expand out the Server
3. Expand out IP Routing
4. Select NAT/Basic Firewall
5. Right-click your public interface. Select properties
7. Network Address Translation Properties Window will open
8. Select Radio Button for “Public Interface Connected to the Internet”
9. Select the check box for both “Enable NAT on this interface”
10. Click on the Address Pool Tab
11. Click the Add button and add your secondary IP addresses. The “Start Address” and “End Address” will be the same in most cases.

*NOTE* You do not want the secondary IP address configured in the TCP/IP Properties of the Host machine.

12. Click the Reservations button and enter your static IP mappings. That is, specify that you want traffic on your secondary IP mapped to your VM’s internal IP.
13. In services.msc, make sure that RRAS is set to start automatically and Windows ICS is disabled.

NOTES #1

When configuring and experimenting with the RRAS firewall, create a batch file to stop the service in case you forget to allow RDC or otherwise render the system inaccessible.

Code:

net stop “remoteaccess”

Then add the batch file to the scheduler and have it run some time after you apply your changes.

NOTE #2

RRAS is really finicky about the interfaces installed on the server. If an interface is changed in any significant way, it’ll have to be disabled and reconfigured.

Hyper-V is also similarly finicky about its virtual networks. I can’t count the number of times I had to remove and recreate networks. Thankfully, this was rather painless with only one VM to propagate changes to.

If you should encounter any difficulties with adding your additional VMs to the server, try resetting HyperV networking, individual VM network binding (in the VM’s settings), confirming physical host interfaces, and then reconfiguring RRAS in this order.

NOTE #3

Those who have had HyperV configuration problems solved it by disabling TCP/Offload Engine. Symptoms include, RRAS just not working, or working sporadically. If in doubt, disable TCP/Offload Engine

http://social.technet.microsoft.com/…8-d22aca6154ee
http://support.microsoft.com/default…b;EN-US;904946

So if this applies to you, run on the host and on any 2008 VMs:

$ netsh int ip set global taskoffload=disabled

and add the following registry key to any 2003 VMs:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DisableTaskOffload

This is a DWORD entry that should have a value of 1.

If compatability mode is not enough for you, check this out:
http://www.microsoft.com/windows/virtual-pc/download.aspx

You can install a Windows XP VM in Virtual PC on your Windows 7 workstation. The cool part is the integration. Install a Windows XP application, and it’s automatically integrated into your Start Menu in Windows 7.

I am so geeking out right now.

The Microsoft data store where T-Mobile Sidekick phones save their user data, such as contact info and pictures, has been reported to have been lost beyond repair.

On October 3, T-Mobile Chief Operations Officer, Jim Alling wrote the following post on the T-Mobile forum site:

Dear valued T-Mobile Sidekick customers:

I realize that for many of you, your T-Mobile Sidekick is how you stay in touch with your friends, family and others.  I sincerely apologize for the impact the current disruption of data services may be having on you.  I assure you that T-Mobile is working very closely with Danger/Microsoft to resolve the issue as quickly as possible.  T-Mobile-supported services, such as voice calls and SMS/MMS, have not been affected and continue to be operational.  Danger/Microsoft has been working, and will continue working through the week, to restore data functionality and other features.

I understand that this data service disruption is very frustrating to our valued Sidekick customers.  For many years, the Sidekick has been, and continues to be, a cornerstone device for T-Mobile.  And we believe Sidekick customers are among the most loyal customers anywhere.  Recognizing that, and to address any inconvenience Sidekick data customers are experiencing, T-Mobile will automatically credit one month of data service to customers who subscribe to T-Mobile Sidekick data plans.  There is nothing you need to do to get this credit – T-Mobile will post the credit to these accounts in the coming days.

We will continue to post the latest information and FAQs to these Forums. I appreciate you being a loyal T-Mobile customer, and appreciate your patience as everyone works hard to resolve the current issues.  Thank you.

Sincerely,

Jim Alling, Chief Operations Officer, T-Mobile USA

Then, after a torrent of discussion on the forum site, the following update was provided earlier today:

Dear valued T-Mobile Sidekick customers:

We are thankful for your continued patience as Microsoft/Danger continues to work on preserving platform stability and restoring all services for our Sidekick customers.  We have made significant progress this past weekend, restoring services to virtually every customer.  Microsoft/Danger has teams of experts in place who are working around-the-clock to ensure this stability is maintained.

Regarding those of you who have lost personal content, T-Mobile and Microsoft/Danger continue to do all we can to recover and return any lost information.  Recent efforts indicate the prospects of recovering some lost content may now be possible.  We will continue to keep you updated on this front; we know how important this is to you.

In the event certain customers have experienced a significant and permanent loss of personal content, T-Mobile will be sending these customers a $100 customer appreciation card.  This will be in addition to the free month of data service that already went to Sidekick data customers.  This card can be used towards T-Mobile products and services, or a customer’s T-Mobile bill.  For those who fall into this category, details will be sent out in the next 14 days – there is no action needed on the part of these customers.  We however remain hopeful that for the majority of our customers, personal content can be recovered.
===
Dan
Moderator, T-Mobile Forums

At this time, neither Microsoft nor T-Mobile have confirmed conjecture that a SAN update caused the failure:

So yeah..

I would like to know what discounts are T-mobile going to give on a new Phone. I am probably going to move to the Moto Cliq, But I and other sidekick users should get a full phone discount not just a % of it..  (Microsoft should pay for it)

hmm Roz Ho haven’t you her of BACKUP…?

Quoting Hiptop3

“Currently the rumor with the most weight is as follows:

Microsoft was upgrading their SAN (Storage Area Network aka the thing that stores all your data) and had hired Hitachi to come in and do it for them. Typically in an upgrade like this, you are expected to make backups of your SAN before the upgrade happens. Microsoft failed to make these backups for some reason. We’re not sure if it was because of the amount of data that would be required, if they didn’t have time to do it, or if they simply forgot. Regardless of why, Microsoft should know better. So Hitachi worked on upgrading the SAN and something went wrong, resulting in it’s destruction. Currently the plan is to try to get the devices that still have personal data on them to sync back to the servers and at least keep the data that users have on their device saved. “

WOW.

Microsoft Do you understand that you are making yourself and T-mobile loose MONEY????

Also with me being a Sidekick owner I feel betrayed by Microsoft not T-mobile.

This outage I was all fine about at first but now it is just to much. We sidekick owners rely on Danger witch is now owned by Micro to keep are data stored on a secure server and that is why us users never backed up are data. I mean the sidekick does not even have a mass contact save Option. The user has to save them one by one. If I do stay with the sidekick I would like to see Options to save all on SD becuase a SIM can only hold around 250..

I have lost business and meetings from this outage and I am not happy.

So to everyone

It is not T-mobiles Fault so do not blame them. There customer service has been AWESOME

Also Danger and Microsoft do not comunicate with T-mobile as much that is why there is not much info.

“I wonder if we call Microsoft and bug them will they give us any info, they will probably say u have to call t-mobile. Well T-mobile is not the one who messed up,.they do not UPDATE THE SAN…..”

After a week of attempting to salvage the data, it would appear as though Microsoft was unsuccessful in doing so. If the SAN speculation is correct, then it was simply a failure of the data’s underlying SAN. The question is, why should a failing SAN bring with it the data of an entire customer base? I severely doubt that this would have occurred had this been a normal hardware breakdown. Well-designed storage solutions are built with the precondition of being able to survive a head failure, network failure, any sort of failure, really, without losing data. One would thus speculate that gross human error was at fault, and frankly, that means that management was not doing their job. Not enough layers of redundancy were built into this system, and not enough protective layers were written into policy to prevent this human error, or whatever it was, from cascading into a data-lost scenario. Data management is a big responsibility, and not enough resources go into its upkeep in many firms. It would thus appear that Microsoft appears to be one of the latter.

UPDATE: 20090826 – Corrected typo in “Slowloris and You.” It used to say “Slowlaris and You.” I keep getting slowloris confused with my nickname for “Solaris.” =D

Back in July, http://ha.ckers.org/slowloris/ published an exploit against Apache and other web servers (go to the link for further) that takes advantage of multi-threaded applications. It works by tying up web server threads with partial HTTP requests, then sends TCP handshakes to keep the socket open. In general, multi-threaded web servers such as httpd, apache, and apache2 are vulnerable. IIS and most proxies are not vulnerable

CERT suggested using iptables to rate limit incoming port 80 requests. In general, this should be fine for many applications, though CERT has warned that some large clients behind NAT’s may be affected and thus the hitcount/time ratio should be adjusted according to your needs.

http://www.funtoo.org/en/security/slowloris/ offers tips on mitigating this attack by enabling delayed binding on hardware load balancers.

In short, it appears as though the consensus mitigation method involves connection restrictions in the form of iptables or apache modules (most are of limited value, frankly), or shielding the web servers behind load balancers (such as HA-Proxy).

The core of the following script is based off work first started by my coworker Trent. The gist of the little script is to perform a quick scan of a hostname or IP by simply attempting to open a socket. I use this when I want to run a quick “is it online” scan of a server and determine if ports of interest are available to me. I added the bit that would let me open them directly from the script without having to type in an alternate command.

This is very much a poorly written hack-job script, and I very much expect that some of you will be able to identify some serious n00b mistakes (probably in that I still haven’t figured out how to properly localize variables), but hey, I don’t think this is half bad for my first PERL script. Yes, PERL. I’ve already been lectured about learning Python instead, but while that’s definitely on the to-do list, this script needed finishing, and I was already halfway through. It’s a tool that’s customized for me, so please hack away, and let me know what you do, as I may like it too!

So, I present, for your consideration and for your critique (please do), ‘ch.pl’ v 0.1.

I generally alias ch=/usr/local/bin/ch.pl for this script in Linux and MacOS, as this lets me leave the file extension the same for when I use it in Windows. To use this in Windows, you’ll need to install PERL first. I use ActivePerl. However please note, I’m still working on making this script Windows friendly.

To install in Linux/MacOS:

• download ch.pl using FTP or wget to /usr/local/bin/
• chmod +x /usr/local/bin/ch.pl
• modify your ~/.bash_aliases file (ubuntu), or your ~/.bashrc (RedHat) to include the following:
  • ‘alias ch=/usr/local/bin/ch.pl’

Usage: ch [hostname or IP] [optional: port(s) to check, separated by commas]

This article was first published as “Locked Files in Windows” on 22 Jul 2009.

Note to self: Sysinternals is Microsoft’s saving grace:

Process Explorer: A more advanced taskmgr, if you will. It’s most awesome feature is it’s ability to search for processes holding a certain handle, allowing you to resolve locked file issues:

Home page: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Or just run it from http://live.sysinternals.com/procexp.exe

Process Monitor: Basically, Regmon + Filemon:

Home page: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Or just run it from http://live.sysinternals.com/Procmon.exe

Linux:

ls -alh /boot/grub #the majority of files in this folder don’t change from the time of install except for menu.lst

ls -alh /restore #BSD

Windows:

Systeminfo #from the command line

- or –

CMD /K WMIC OS GET InstallDate

You’ll see the Operating System installation date (in WMI format). The first eight characters in that output gives you the installation date.

*Windows bit stolen from http://windowsxp.mvps.org/getosdate.htm

This is handy for transferring files between Windows and Linux, as many distro’s don’t have NTFS RW support built in. This is, of course if you do not have access to the NTFS-3G driver, which does allow for RW mounts.

Overview: fdisk w/ a W95 partition table
mkdosfs

If you need the step by step, it’s below:

fdisk /dev/sd(whatever drive you want to reparition, ‘b’ in this case), then follow along:

The number of cylinders for this disk is set to 20023.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)

Command (m for help): n

Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-20023, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-20023, default 20023):
Using default value 20023

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): c
Changed system type of partition 1 to c (W95 FAT32 (LBA))

Command (m for help): p

Disk /dev/sdb: 164.6 GB, 164696555520 bytes
255 heads, 63 sectors/track, 20023 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0×000f0136

Device Boot Start End Blocks Id System
/dev/sdb1 1 20023 160834716 c W95 FAT32 (LBA)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.

root@sbrescue:/# mkdosfs /dev/sdb1
mkdosfs 3.0.1 (23 Nov 2008)
root@sbrescue:/# mount /dev/sdb1 /mnt
root@sbrescue:/# cd /mnt
root@sbrescue:/mnt# touch asdf
root@sbrescue:/mnt# ls
asdf
root@sbrescue:/mnt#

All done! =D