Monday, 19 December 2016

Notes for installing Ubuntu 16.04.1 LTS on Hyper-V

The last couple of servers I've installed on Hyper-V with Ubuntu 16.04.1 LTS with 4.4 kernels have annoyingly hung shortly after setup.

Here is an excerpt of the errors:

info task rs main q reg 1162 blocked for more than 120 seconds not tainted

 This is a very inconvenient feature and I think I've nailed it. From Microsoft's site they have details on adding bits to your install that add functionality and (hopefully) will help avoid this issue.

The Microsoft page is here: https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-ubuntu-virtual-machines-on-hyper-v?f=255&MSPPError=-2147217396

And the guts of it is to do the following (with 16.04):

  • # apt-get update
  • # apt-get install linux-virtual-lts-xenial
  • # apt-get install linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial
and then reboot. It should fix it.

 The error was something like Kernel not tainted or similar. So far it's working.

Update 2016-12-22

It stopped working. Super annoying. Have tried from this site: https://www.blackmoreops.com/2014/09/22/linux-kernel-panic-issue-fix-hung_task_timeout_secs-blocked-120-seconds-problem/

See how that goes.

Have also done the stuff on this site: https://oitibs.com/hyper-v-lis-on-ubuntu-16/

Will see how that goes.

Saturday, 26 November 2016

Dell Inspiron 11 3162 Review

I bought this little 11" laptop off Dell's site after poking around and thinking it would be nice to have a little laptop again. I really missed my MacBook Air after I sold it - silly move that - so I thought why not consider this one? It's specs are underwhelming:

  • Celeron N3050 processor
  • 4GB of RAM
  • 32GB eMMC HDD
  • Bluetooth version 4
  • WiFi - 802.11ac+
For what it is, it performs quite well. It's crippled though. In fact - so crippled I couldn't get the thing to start a week ago. It would try to boot into Windows 10 and just hang and hang and hang - you get the drift. I let the power completely drain then tried again. Repair windows install was the next question.... grr. After completing this it booted. That's the only problem I've had with it.

I have had the chance to use it for a couple of presentations. The built in HDMI interface is amazingly handy and the Dell drivers work well for the system, allowing for quick and painless swaps between things. It also gets 8 hours out of the battery which is very impressive indeed. I've tested this twice, and after a full day of work it still had some go in it. 

The ergonomics aren't too bad - I find the keyboard a tad small. But to give you perspective, I'm typing this on a wireless Mac keyboard and I find that a tad small too. I'm most comfortable on an ergonomic keyboard, the Microsoft Sculpt is the current choice of weapons for that. The mousepad is responsive and I find it to work quite well.

All up, this little laptop was about $275 - this model was $300+ at JB HiFi. It's worth checking the manufacturer's site for these better deals. For the equivalent money at JB I'd have only gotten 2GB of RAM. That extra RAM can make an enormous difference! Can't remember if the disk was bigger was or not, but there is an SD card slot so I've already slammed a 64GB disk into that. Combined with network storage and the high speed wifi, I'm set to go.

I think this machine is pretty good. I've got a real dislike for Windows 10 and the way privacy and updates are being handled, but I'll leave that for another post. I'm going to investigate putting Linux on this machine. I think it'll go really well with it.

For a cheap laptop, it's got some solid specs and it's reasonably good to use. 

Friday, 11 November 2016

Dell T110 Server - older tech still doing the yards

The last time I was out in Coober Pedy, I saw a lot of Toyotas running around. Landcruisers mostly - a great vehicle and out in the Red Centre with some pretty harsh conditions, they were the vehicle of choice. Solid, reliable, amazingly well built. It's a bit like the older Dell servers still kicking around.

To my case in point - the Dell T110 Server. These servers, brand new, with a Xeon Processor, 4GB of RAM and a 250GB HDD were around $1400. We got several cheap, added RAM, disk and an OS and sold them to customers. The basic spec was pretty sound:
  • Intel(R) Xeon(R) CPU X3430 @ 2.40GHz 
  • 4GB of RAM (maximum 16)
  • Dell PERC S100 onboard RAID (fake RAID but still OK)
  • space for 4 disks
  • tower configuration
 About 18 months ago I was given one of these servers by a grateful client after a particularly painful weekend migrating one server to another. After thinking about it for a bit, and knowing the S100 RAID card is Windows only (Linux won't see the arrays, just the disks - use AHCP if you're using Linux), I decided to pop Windows 2012 Server on and run a bit of the Hyper-V action for shits and giggles. In order to do this and to solve a tricky customer problem, I upgraded the server a little bit.

I added two 250GB SSD disks and made them the primary array, with the two 250GB HDDs as a data array. I installed Windows 2012, set up Hyper-V and then built a 2008R2 server as a VM. I also added more RAM to max it out at 16GB. Now, the 2008R2 server boots up in under 20 seconds! It is so quick and as I was using it to try to repair a broken SharePoint (see my previous post on this) I was very happy to have a machine that would restart in the blink (almost) of an eye.

Fast forward to about 3 months ago, I ditch the 250GB HDDs out of it and upgrade them to 2TB drives giving me a data array of 1.8TB for stuff. I've used the machine to create (and destroy) about 20 different VMs for testing and it has been reliable and solid for all the time. Suffice to say I'm very happy with it.

I was puttering around on eBay about 3 weeks ago and saw one of these for sale for $150! I grabbed it, as quick as possible. It turned up with the base spec. Using some old stuff lying around I've upgraded it to be a 2012 server, with 16GB of RAM, a 1TB HDD based primary array and a 1.8TB HDD based secondary array. This one is as solid as the other! I've since moved the bulk of the family data to it, configured some nice backups and off it goes. I've even put Hyper-V on it and run up a 2016 test server - it goes quite well.

All in all, I've spent under $1000 for these two servers and they comfortably handle everything I'm throwing at them. The original server, at one point, was running 2008R2 with SharePoint live for a client with 20 people using it, several Linux servers and a Windows 2012 based file server - all on hardware that is 5 years old. The SSDs really make the machine fly - a worthwhile upgrade indeed. In fact, as they get cheaper I can see myself upgrading the data array to SSD... it'll be pretty good!

The next gen in the T110 - the T110 II has a better Xeon processor in it, with double the RAM capability and they also came out with hardware based arrays. I'm keeping an eye out for one even as I write this.

If you're looking for a server to play with, or to manage a small workforce, then it's hard to go past something like this. Need redundancy? Buy two instead of one and set up live migrations (next on my to-do list).

I love this older tech - I can still get brand new replacement parts (like PSU's) and the original gear is running happily. It's cheap and it works - get around it!

Tuesday, 11 October 2016

Fixing Windows 7 update problems

Everyone knows that newish install of Windows 7 will have problems updating. CPU usage and Memory usage climbs, and nothing ends up happening. No updates are applied and your computer becomes basically unusable. Here is the procedure we've found to be useful when working on this problem:

Start run, services.msc
Stop windows update service


KB3102810
32bit: https://download.microsoft.com/download/A/0/9/A09BC0FD-747C-4B97-8371-1A7F5AC417E9/Windows6.1-KB3102810-x86.msu
64bit: https://download.microsoft.com/download/F/A/A/FAABD5C2-4600-45F8-96F1-B25B137E3C87/Windows6.1-KB3102810-x64.msu

Stop Windows update service

KB3135445
32bit: https://download.microsoft.com/download/2/E/D/2ED368A8-9967-4829-9CD5-9037AD48FF72/Windows6.1-KB3135445-x86.msu
64bit: https://download.microsoft.com/download/9/C/8/9C855F85-08B1-47B4-97DF-B6A7D187F0B7/Windows6.1-KB3135445-x64.msu

Stop Windows update service

KB3138612
32bit: https://download.microsoft.com/download/E/4/7/E47FB37E-7443-4047-91F7-16DDDCF2955C/Windows6.1-KB3138612-x86.msu
64bit: https://download.microsoft.com/download/B/7/C/B7CD3A70-1EA7-486A-9585-F6814663F1A9/Windows6.1-KB3138612-x64.msu

Stop Windows update service


You are now going to download and install either one or two updates manually.  In most cases only the first (KB3172605) of these is needed.  If that produces a result that says the update is not appropriate for you computer, you need to first install the 2nd of these (KB3020369), then install the first (KB3172605).


KB3172605
32bit: http://download.windowsupdate.com/d/msdownload/update/software/updt/2016/09/windows6.1-kb3172605-x86_ae03ccbd299e434ea2239f1ad86f164e5f4deeda.msu
64bit: http://download.windowsupdate.com/d/msdownload/update/software/updt/2016/09/windows6.1-kb3172605-x64_2bb9bc55f347eee34b1454b50c436eb6fd9301fc.msu

KB3172605
32bit: https://download.microsoft.com/download/C/0/8/C0823F43-BFE9-4147-9B0A-35769CBBE6B0/Windows6.1-KB3020369-x86.msu
64bit: https://download.microsoft.com/download/5/D/0/5D0821EB-A92D-4CA2-9020-EC41D56B074F/Windows6.1-KB3020369-x64.msu

Reboot and then full updates from there.

Monday, 10 October 2016

OTRS and HTTPS

Following the recent upgrade of OTRS on our servers to the latest version, I went one step further and decided to deploy https to wrap it all up. There is no significantly important data shared or entered in our OTRS configuration, but I think it a worthwhile exercise to put encryption in place. I've only really touched on SSL once or twice before with server configurations, and I started out by looking for a cheap certificate. The thing is, this is a commercial application of the system and I didn't want to use a non-profit or education SSL cert for something that is part of our money making enterprise.

Enter "Let's Encrypt". I read about this somewhere - probably one of the many *almost* spam newsletter type emails I get during the week from a vendor. A Google search brought up a DigitalOcean write up on how to apply this to the particular version of Linux I'm running.

I'm just going to say that I love the DigitalOcean walk through's. They're clear and easy to follow. I tend to have bits of extra complexity in my installs, but I'm usually able to extrapolate from the D/O information to get want I want. Here is the link to the walk through that I used:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

Get around it - it's great. So now we have an encrypted OTRS site and it works well.

Apart from just having an encrypted site, we have also noticed a pleasing uptick in the responsiveness of the site and a removal of an ongoing issue we were having access it from external. When my techs would try to connect to the page from outside the office and then enter data into it, they would have to continuously re-authenticate. This was completely unusable and also one of those problems I just never seemed to have time to get around to fixing. Now, with https:// in front of the address, this problem has disappeared! The site responsiveness isn't to be ignored - no matter where it's being accessed from, the page is significantly faster, a fact which pleases all of us.

To summarise - spend the time and get the encryption happening for OTRS - it's worth it!

Tuesday, 27 September 2016

OTRS Upgrade Notes



First things first, we need to download the latest and that’s usually from the public FTP site on OTRS’ site. Here is a good place to start: https://www.otrs.com/download-open-source-help-desk-software-otrs-free/ I always grab the source .tar.gz file and usually with this command:

# wget -c http://ftp.otrs.org/pub/otrs/otrs-5.0.13.tar.gz (for the latest one anyway – which at time of writing I 5.0.13)

The upgrade direction is here: http://otrs.github.io/doc/manual/admin/5.0/en/html/upgrading.html and I want this to be my summarized version of this for ease of use both for myself and for you, gentle reader.

I have a script that starts off the upgrade process with some of the basic stuff (note – run this as root):


#!/bin/bash
service cron stop
service apache2 stop
service postfix stop
NOW=`date +%F`
mkdir /root/backup/$NOW
BDIR=/root/backup/$NOW
cp -R /opt/otrs/Kernel/Config.pm $BDIR
cp -R /opt/otrs/Kernel/Config/GenericAgent.pm $BDIR
cp -R /opt/otrs/Kernel/Config/Files/ZZZAuto.pm $BDIR
cp -R /opt/otrs/var/ $BDIR
/opt/otrs/scripts/backup.pl -d $BDIR


Now what this does is to stop the services in Step 1 of the upgrade documentation.
Then we set the “date” variable and create a backup folder for it and instantiate a variable to make the script shorter – the “BDIR” variable.
Now I simply step through the guide and backup what I need to in Step 2 and then run a full backup into the backup directory with the backup.pl -d $BDIR command.
Now it’s time for the command line work to begin. I typically download the source file into an OTRS folder in my root home directory (yes I do this all as root) so I will run:

# tar -zxf otrs-5.0.13.tar.gz

Once the tarball is extracted I copy the resultant directory to the /opt/ folder:

# cp -R otrs-5.0.13 /opt/

In the directory are all the other OTRS installs I’ve done but haven’t cleaned up. An ls of the /opt/ directory usually looks like this:

root@otrs:/opt# ls
otrs        otrs-4.0.11  otrs-5.0.1   otrs-5.0.13
otrs-4.0.1  otrs-4.0.7   otrs-5.0.10  otrs-5.0.5
root@otrs:/opt#


The bolded otrs is a logical link. I delete that:

# rm otrs

And create a new one:

# ln -s /opt/otrs-5.0.13 otrs

We need to copy stuff back now and I have a bit of a script that will do it:

#!/bin/bash
BDIR=/root/backup/`date +%F`
cp -R $BDIR/Config.pm /opt/otrs/Kernel/
cp -R $BDIR/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/


It copies back the files we need to and moves us through Step 4.
Now to set permissions on the new OTRS directory:

# /opt/otrs/bin/otrs.SetPermissions.pl –web-group=www-data (for Ubuntu)

And this sorts out the permissions. I also find it very useful to change the ownership of files at a more macro level too, so I will also run:

# chown -R otrs:www-data /opt/otrs*
# chmod -R g+w /opt/otrs*

This has solved some issues in the past and seems like a handy thing to do.
Step 4 is finished and Step 5 has us checking Perl modules out:

# /opt/otrs/bin/otrs.CheckModules.pl

We can skip to Step 7 now and we have to change to the OTRS user:

# su otrs

As OTRS, Step 7 gets us to refresh the config cache and then delete the other caches:

$ /opt/otrs/bin/otrs.Console.pl Maint::Config::Rebuild
$ /opt/otrs/bin/otrs.Console.pl Maint::Cache::Delete

Annoyingly we have to change back to root and restart services. I just CTRL-D out of otrs and then run:

# services apache2 start
# services cron start
# services postfix start

And then su back to OTRS

# su otrs
$

Step 12 – restart the OTRS Daemon (as otrs – don’t forget!)

$ /opt/otrs/bin/otrs.Daemon.pl start

And then Step 13 which updates cron for the OTRS user:

$ cd /opt/otrs/var/cron
$ for foo in *.dist; do cp $foo `basename $foo .dist`; done
$ /opt/otrs/bin/Cron.sh start

And that’s it for the command line stuff.

Log into the website and go to Admin and then Package Manager. I usually find that at least three packages need to be either re-installed or updated. While these are not right, the website will run terribly slowly. Fixing the problem here will give you back some performance and set it on the right track.

That’s pretty much it. Done!

Tuesday, 9 August 2016

Guidelines on purchasing a new laptop

Recently a friend asked me for advice on purchasing a new laptop. Here is the bulk of the email I sent him - perhaps you'll find it useful as you search for a new computer:

There is a lot of stuff on the market and here are some basic, ground rules for what you need to think about when your purchasing:
  • set a budget figure for the new machine and stick to it. I usually drop at least $200 below my actual budget so I can include a new laptop bag or some sort of accessory (I love gadgets!)
  • Decide how big you want the laptop to be - i.e. are you travelling? If so, then a 17" notebook is going to be very heavy and cumbersome and you'll hate dragging it through the airport all the time. Are you doing complex work with a lot of information on it? If son, then an 11" notebook will probably be too small. Usually I suggest an 13" or if you are doing a lot of complex work, then a 15" is probably acceptable - although these can be heavy
  • Are you more comfortable with Mac OS X or a Windows based operating system - this step can easily eliminate a large number of machines
  • Extra warranty can be handy - see if you can get 3 years worth of it as this is the usual lifespan of a notebook before it needs a refresh or you've broken it. 
  • How much data will the laptop hold? How much does your current one hold? Are you going to be saving all your photos and videos to it?
A few notes on specifications and what they mean:
  • SSD - solid stat disk: These replaced the old mechanical hard drives in many notebooks. They are faster, have no moving parts so don't get damaged if you drop the laptop inadvertently. Downside is - they are smaller and more expensive :(
  • RAM - system memory: more is better but 4GB of RAM is typically enough for most day to day computing activities. If you're a gamer, get more.
  • Core i3, i5 and i7: these refer to the processor and it's type. i3 is aimed at general day to day work, i5 for harder work and maybe a bit of gaming and i7 for high end work and gaming. I prefer i3's for general office type work and find them to be fast enough for anything in a normal office environment, including most finance packages. For my general work in IT I have i5's everywhere - a solid compromise between cost and power without huge amounts of heat generation. And for my gaming rig, and my high end workstation running multiple virtual machines and doing heavy lifting (in a geeky way) I've got the big i7 on my desk. It takes a heap of power and was quite expensive.
A few notes on differences between Mac and PC
  • The Apple (Mac) environment is all locked up and proprietary. This is good and bad. Good because 99% of the time the software just works and the upgrade to new operating systems (like El Capitan) is free. Generally the upgrade is also pain free and just works. The bad news is, you're locked into the Apple way of doing things on your computer. There are ways to get around this - using Parallels or another virtualisation platform to run Windows and associated software, but this can be expensive in terms of cost for software (Parallels plus a Windows Licence) and expensive in terms of hardware utilisation. Generally though, the Macs on the market at the moment can well and truly handle it. The Mac will run Microsoft Office, or Apple have their own software - Pages / Numbers / Keynote.
  • PCs typically will run Microsoft Windows and at the moment, they're all coming out with Windows 10. Love it or hate it - that's what you get. Lots of applications, lots of viruses and vulnerabilities. Without a fair bit of work you can't get Mac OS X to run on a PC. Generally you can get a fairly well specced PC for a lot less than a Mac.
Finally, consider carefully what you'll use this computer for, then try to match the laptops you can get in your price range to those requirements. Most people will also look at which one is prettiest and which has the keyboard they prefer. These are important factors to consider so try to get eyes and hands on a machine before you buy.

Tuesday, 2 August 2016

Hyper-V copy/paste of Virtual Machine folder security problems

Have you seen this in your error logs?:

The Virtual Machines configuration 6ED5794F-DD19-46D3-8121-0880FEB592AE at 'D:\Hyper-V VM Data\VM NAME' is no longer accessible: General access denied error (0x80070005).


With Event ID: 4096 and much sadness because your VMs won't boot?

And did you move the folders that your VMs are living in to a new location but it should just work?! Well the chances are the security permissions on the files are wrong. I'm not talking about "Administrators" having all rights, but specific Virtual Machine rights.

I recently upgraded my home server with a new array of disks - a jump from 500GB of storage to 2TB. It's a modest increase, but this is a hyper-v server, not a NAS. I copied off the VMs from the old disk to an external drive and then copied them back. Oh noes! Two of my virtual Linux servers declined to start again - bastards!

So it was to the inter webs, and here, gentle reader, I hope you can find answers. If you check the permissions on the .xml configuration file for the VM you might see just the regular stuff on it. What you should also see is an entry for "NT VIRTUAL MACHINE\6ED5794F-DD19-46D3-8121-0880FEB592AE" there as well. Now in this instance the "6ED5794F-DD19-46D3-8121-0880FEB592AE" is specific to my virtual machine - you will have a different one.

It's important to note that ID. You can get it from your .xml configuration file and various other places (I find the .xml to be the easiest).

Now to fix this, open an elevated command prompt and type in the following:

icicles "path to .vhd or .xml" /grant "NT VIRTUAL MACHINE\virtual machine ID":(F) and hit enter.

You should have a return of"

processed file: "path to .vhd or .xml"
Successfully processed 1 files; Failed processing 0 files

It looks like this:


Do this for both the .vhdx (as in this case) and the .xml file. Once you go back to the Hyper-V management console, your VM should work. Otherwise, something else is b0rked and you'll need to chase it in Event Viewer!

I hope this saves someone else the half an hour of Googling that I did this morning to sort it out. Best of luck!

Wednesday, 22 June 2016

Another day - another cryptolocker infection

All too frequently we are still seeing people being affected by ransomware. It's pernicious and hard to get rid of once you've got it. If you haven't had it, then this is what happens - you open an innocent email and your computer starts to perform a bit sluggishly. Most people shrug this off then go to open a Word Document or Excel Spreadsheet and can't. It has .ENCRYPTED after it and there are files appearing in all your directories on how to pay to get your data decrypted. A sense of doom starts to build in the pit of your stomach and you watch as the files on your network drives start being encrypted too. Hopefully you pull the power plug and call your IT guy at this point. Then the tough stuff begins....

To stop this from happening here are some tips to keeping your PC cryptolocker free:

  • don't try to open a zip file emailed to you - if someone is sending one to you, make sure they establish contact first - it's OK to email them back to ask if they meant to send it. Most companies won't send you a zip file with their bills in it - the AGL email that recently infected a number of people is an example of this. They send their bills as a PDF
  • hover your mouse over any link in an email *before* clicking it - you'll see the actual address the hyperlink points to when you do this. Just because it says www.google.com/alkajsdflkjadf doesn't mean it actually points there. The hyperlink goes around the text to send it to the web and it could go anywhere!
  • while backups are important, RESTORES are mandatory - a phrase I heard at SAGE-AU years ago and it's still true. There are great free options out there - from Time Machine on the Mac, to CrashPlan across many platforms, Carbonite, ShadowProtect and so on. Get one, have a backup to a USB drive, and then to another USB drive - a bit of a pain to cycle through the backups, but what is your data worth to you? It's a sad situation that most people won't have the faintest idea until every word document they've ever written is encrypted and carries an $800USD price tag to decrypt it. Put an entry in your calendar to backup and do it. 
  • did I mention backups? Let me reiterate - back up your data! Test the backup! Have it disconnected from the network and don't rely on a single data storage place to back up to. If that gets corrupted (and I've seen it happen) - it's still all over
  • go slower when you are readying your emails. Take your time to really check what you've got and why they want you to click on that shiny, interesting looking link. Phishing emails, cryptolocker and other infections are just a mouse click away....


It's a dangerous world, opening up an email program on your computer or a web browser. You never know where it will take you or the risks that it will entail. You can be safe, if you exercise some commonsense!

Monday, 23 May 2016

Digital forensics on an SSD

Recently I was able to listen to a guest lecturer by a chap working the digital forensics field. There were a few interesting things to come out of the lecture. They are, in no particular order:

  • document and timestamp everything you do - it doesn't matter if it's written down, or you use software, but you have to show the steps you went through to reach the conclusions you're putting forward
  • EnCase is an industry favourite software
  • small cases can take you in surprising directions and you can go from a $40,000 fraud case and end up with a $250,000 + fraud case!
  • recovering RAID arrays can be a trick - but you can image each disk and use EnCase to rebuild the array which is pretty neat!
  • you can't carve an SSD to recover data like you would a HDD
That last point is the one I want to mention. On a magnetic hard disk drive (the regular type of drive people have been using) when a file is deleted, it's removed from the File Allocation Table and the computer recognises it as free space, ready to overwrite. It's relatively straightforward to then get that data back - a process I've performed dozens of times to save someone's bacon when they've deleted all their uni work (for example). But on an SSD the process is different. 

On a TRIM enabled SSD (and this is all modern SSD's) the data is removed immediately when you delete it. The OS clears the space for re-use and it's not recoverable. This applies to USB drives as well - any flash media in fact. Once a file is marked for deletion, the operating system erases it completely and then that space is available again. This keeps the SSD running fast. It makes it very hard, if not impossible to perform data carving (or recovery) on an SSD. Uh oh - that makes life harder for the digital forensic expert! 

It's amazing though - even with these kinds of hurdles to getting data out and processing it, people still make it easy to be caught. For example, using work email to talk about things people are doing wrong, or storing data on work computers that has evidence of wrong doing. There is no expectation of privacy when you use a work asset - the company owns all this stuff and all the data on it. And most companies will comply with search orders giving an investigator plenty of access to what they are looking for.

It's interesting stuff, but I don't think I'll make a career of it - getting into the business seems quite tricky and while it is a fascinating field, there is a lot of tedious combing through search hits for relevant results that, quite frankly, looks boring. Never say never though!

Tuesday, 17 May 2016

Netgear D6300 Review

After my poor little TPlink Router bit the dust with a recent power fluctuation I was keen to get something with a solid WiFi capability. The TPlink router I was using didn't have the greatest coverage around the house, and certainly not outside the house, and with the recent installation of a Chromecast I was keen to find something with a bit more zing. Also, due to my dodgy cabling set up, I have half my machines on one side of the house, and the other half on the other side. The cabling between the two goes through the router and I wanted a gigabit link between the two halves.

So a router with 5GHz wireless and gigabit networking? My local nerd supplier handed over the $399 Netgear D6300 and told me it was the best he had. He noted my sceptical look, but assured me that it was good to go. OK I'll have a crack at it and see how it goes.

It took about 45 minutes to configure it - I've got a fairly complex network with a lot of crap all over the place, all sorts of forwards and Dynamic DNS configured. I also have a large number of static DHCP entries - nightmare. Once I got it all across, plugged in and set up and away we went. I quite like the Netgear method of showing what's happening on the network. That's one of the very few things I do like about this router.

Here are the other things:

  • the wireless is good
  • throughput on the gigabit network is very high, so that's good
  • Dynamic DNS works out of the box and has some nice reporting
  • it's not a bad looking bit of gear:

OK so here are the things that suck about this router:
  • the interface is slow. I tested it under:
    • Safari
    • Chrome
    • IE
      • and it was pish under all of them. Slow to refresh and slow to respond.
  • update stopped part way through and I had to restart it - thought I'd bricked the thing
  • updates to DHCP require a reboot of the damn router! What the hell?! All I'm doing is changing a MAC address or an IP and the whole thing has to reboot to update it. This makes me very unhappy and annoyed.
  • it wouldn't initially talk to one side of the network - I ended up having to install a gigabit switch to get the thing to work properly. This isn't optimal, although it does take the network link between the network sides away from the router for when it restarts every time I perform a basic function. 
All in all, for the price, I'm a bit ambivalent towards the D6300. My dirty old TPlink, with no frills, worked pretty well and I wasn't hating on it too much when it died. Now that it is gone, this Netgear has a bit to do before I'm impressed. We will see how it goes over time, however I wouldn't rush out to buy this one.

Ubuntu 16.04 LTS First Impressions

Another polished release - Xenial Xerus (at least I hope it’s polished!)

I’m using it for a test WordPress system at the moment so I’ve been concerned mostly with that. PHP5 is gone, replaced by PHP7. The main issue with this is no more SSH2 PHP7 extension! It makes installing new themes or plugins, or updating them tricky in WordPress as it relies on this. I’ve had to default back to using vsftpd but even that is crashing at this time. To work around that, add:

define(‘FS_METHOD’, ‘direct’);

into wp-config.php

See https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04 for a great walk through on this - in fact, check out Digital Ocean - they have some excellent stuff on there, including these tutorials. If you're like me and would love to delve into the intricacies of nginx or some other equally complex bit of software but don't have the time, Digital Ocean give you a way to get things up and going with very little in the way of issues. Nicely typeset and well laid out tutorials - thanks a million guys! (I am in no way affiliated, merely a fan).

I performed the install inside a VMware Player and it was as usual quite fast. Updated hostname and /etc/interfaces/network to sort out IP addresses and the like and off I went. Install of WordPress was straightforward and the set up was reasonably quick - a mite quicker I might say than the one on 14.04LTS that I performed last week. PHP7 seems more responsive and I played around with both my VMs to see if there was much difference - installing the same theme into both to see what the speed impact might be. PHP7 was marginally quicker, although I wouldn't suggest it was statistically significantly quicker.

I noticed that updates using apt-get had a much shorted list of archives being hit which was interesting. In the past it seems there was an ever increasing number of new archives being added until the sources.list ends up a mile long. So quicker updates, presumably more efficient is always a good thing. I have no idea what the desktop interface looks like - probably more of the same of that Ubuntu look (which I personally am not in love with - give me Mint's any day).

Much more of my time was spent using this VM to try and get a dirty website going - I am no webdev and I really don't like doing it. Sadly, sometimes you have to so I will continue plugging away at it tomorrow. Ubuntu 16.04 LTS though - looks like it's the goods. Get on it and see how if it does the job for you!

Tuesday, 10 May 2016

Blogger vs WordPress - a comparison of great products

This blog is written on Blogger - I am a big Google fan and I love a lot of their products. Blogger dovetails nicely with the other Google Apps I use and so it's a handy piece of kit. The interface hasn't really changed much in quite a while - it's simple yet user friendly. If you're looking for a blogging tool, it's really quite good.

I started to play with WordPress a short while ago for a client. They are using it to power their website and the more I've played with it the more I like it. There's a great interface - and I really like the new posting experience on it. Here is a comparison of the three different ways you can create a post with Blogger, old WordPress and new WordPress:

How meta! A blog post in a blog post - this is the Blogger interface
The old interface for WordPress - it has some nice features indeed.
The new posting experience in WordPress. Takes a bit to get used to.
I like the stark simplicity of Blogger - I've created about 165 posts (some of which never made the light of day) here at www.ryv.id.au. On the WordPress sites I manage - and there are a few - I've created about the same number of posts. For quick updates and slamming on a short bit of information, the new WordPress is really great.... actually they're all pretty good for that. Where WordPress shines is the management of images and files. It does a great job importing the files and then laying them out. Check out on the Dejero website some of the picture groups - http://dejero.wordpress.com . Periodically I think I'll migrate this site to WordPress but Blogger has been a solid platform for a long time.

All are free and both Blogger and WordPress are backed by great companies. You can set your own custom URL for them - see www.awpd.org or www.northshockey.org - these are WordPress sites hosted by WordPress. It's easy to set up, apply the domain and off you go. And it's easy in Blogger too!

In a world of content I think that you have to be comfortable with how you are delivering it. These three options (WordPress does count as 2) are top of the line for this sort of thing. Taking nothing away from Joomla or Drupal - they are much more complex and fancy content management systems - and are out of the scope for simple blog posting. It's not as hard as it used to be to get information out there - no more html coding for me!

OK so the major things that I find differentiate between the two products:

  • tags and categories are way better than labels - you can do so much more with them
  • WordPress handles image presentation on screen better
  • Blogger has been better when copy/pasting Word documents (which doesn't happen on this site, but does on others)
  • Blogger's minimalist interface gets out of the way of the posting - I find Wordpress to be a bit too fancy at times and it can be distracting
  • I'm actually running the middle WordPress on a tiny VM at home - can't do that with Blogger!
Back end stuff is a lot different. WordPress has a multitude of plugins - Blogger none. Blogger's stats are much better than WordPress's (much better). Ad integration is better on Blogger too (not that I really use Ads a lot but occasionally it's very nice when people click on stuff). 

From my comparison of the two I've just been delighted to have the opportunity to use them both in a meaningful way. Pick one, play with it - if you want to move then jump or simply create a couple of sites and mess with it. Both are free and both are great in their own way.

Conversations about the cloud in Australia

Another day and another chat with a client about cloud computing options. There are some absolute turkeys out there peddling cloud this and cloud that to people. Stop it! ADSL2+ doesn't provide enough bandwidth for your plans - in the war between reality and expectation, reality wins. This particular client is fortunately on the ball enough to realise that pushing all their key applications off their local server and into the cloud isn't a brilliant plan.

So what else do we do for these clients? What clever options can we provide?

It comes down to the application of course. If they're doing scanning or uploading large files to an offsite location it's not hard to use a Raspberry Pi or similar to get the data trickling out, or bulk upload it over night with a script.

If it's email or something like that - then get it into the cloud. Just let 'em know the limitations that their server currently manages - i.e. sending a large email out will take time. Your server used to plod along getting it out the door, but now you have to wait while Chrome sends it to Gmail. 

Remote Desktop Services aren't something people like, so what about a microserver with 2012 on it, AD replication and file replication using DFS? Under the right circumstances this will work over ADSL and people in both sites will see updated information reasonably quickly - depending of course on how DFS is configured. 

There are options - we just have to be smart about how it's presented and show a path forward if NBN does ever arrive. Today I showed a router upgrade to a client, then talked about how it's plug and play (almost) for NBN and how it can leverage great access for VPNs etc. We IT people are typically poor salesman - we either get excited over the trivialities of a solution or the technicalities of a solution and we lose our audience.

The biggest lesson I can give you is simple - use analogies to explain why cloud computing is a challenge. I always show an ADSL connection as a 4 lane highway in and a goat track out to represent the data path. People understand that - it's easy. Get yourself a few of these analogies and put them together to form a coherent image to bring your clients along with you in the discussion. Remember - a client can be a business client, friend, colleague or even your boss. With a little bit of education we can help our clients avoid big mistakes and avoid some of the bullshit around the cloud. 

The cloud can be great. We just have to be smart about it and make sure the shyster, bullshit artists out there don't screw up our client's networks because then we've failed in our jobs. 

In closing - please give us decent NBN! Australia needs it to grow and for businesses to be more agile (and I totally need it at home so I can download movies faster!)

Sunday, 8 May 2016

Google Keep and Apple Notes

This isn't so much a comparison, more of a discussion with myself about which one to focus on. First, the environment that you are in will determine this question much of the time - if you're on Apple, then the notes thing is built into their OS on desktops/laptops and into the iOS on your mobile devices. It has some nice features - encryption in transit, password protection, pictures and built into your iCloud experience. Here is where Keep has an advantage - it's available on nearly all platforms via the web browser. And it does most of those other things too.

Both companies are very clever. The interfaces, while different, share the same characteristics of note taking - different options for getting ideas down and into writing, while trying to make it all as straightforward as possible. They have in the main, quite slick interfaces too and very user friendly. We are truly spoiled for choice and this is part of the problem.

I use Macs, and PCs with Linux Mint and Microsoft Windows (in various flavours). I really like them all, but I prefer the Mac interface and hardware. Call me flash as a rat with a gold tooth, but it's a nice, neat and well put together combination. My main problem is - my personal phone is a Samsung S7 and work phone is an iPhone 6S so my personal notes are on the wrong device... but I like Apple Notes! I quite like Keep too, but it's too fancy for my liking. Yep - too many options and colours and other shit. I just need a piece of paper replacement and while both applications do that, I think Notes is tidier.

I like the sync across all devices I get from both apps - it's great and most helpful for keeping life in order, but this is where Keep shines - I can share amongst my accounts. That's pretty handy stuff that is. And Keep is in the cloud all the time - access via the web browser, apps on iPhone and Android now...

So which to use? I have a lot of data in both and the problem is, I know I've got something written down - like a username, but I'm buggered if I know where the damn thing is! 5 minutes of searching and I can find it. Pick one and stick with it I think. Keep seems the logical option - full sync across everything. But I prefer the interface to Apple Notes.

Which do you use?

Friday, 29 April 2016

Misgivings about the Internet of Things and hyper-interconnectedness

Last night I heard a lecture delivered by a chap from HPE - HP Enterprise for those of you who forget about their big breakup. He is in charge of innovation in the Asia Pacific region and he spoke a lot about the Internet of Things (IoT), drones, driverless cars etc. Sure, we really are moving towards a world where human interaction becomes far less of a factor when driving, delivering packages or even turning on the lights at home...

It really got me thinking about the impact to humanity and whether the pros will outweigh the cons. The hyper-interconnectedness of the world has it's upside but I think it's darker downside needs light shone on it. If your whole house is wired with sensors, motors and control units, then is it a stretch to muse on when the first house is compromised? If an attacker took control of your home just what could he do with it? Annoy you with the lights going on or off, tracking your movements throughout the place, knowing when you're asleep and therefore vulnerable or good old fashioned voyeurism. These options just popped into my head in the last 30 seconds and I'm a reasonable good, respectful and law abiding person. Imagine if I was a naughty ne'er do well?!

Quite apart from the issues inherent in being completely trackable and giving away any semblance of privacy is the issue that arises when the power goes out. Can one still open the doors, the blinds or the windows if it's all automated? And I have concerns over what might happen when the power comes back on and the house receives a power surge that damages the systems controlling all these components. There is a level of complexity to a house with IoT than there ever was before and the delicacy of these systems is not to be underrated.

Moving away from IoT to driverless cars and drones. The HPE chap (Roger something...) spoke at length about these too. While I've watched the whole notion of autonomous vehicles with some interest over time, I quite like driving and I'm not really prepared to give that up. I completely understand why some people hate it, why it would be a great thing for the elderly for example or infirm to help them get around, but I heard some absurd claims about reduction in parking spaces or some other nonsense. Autonomous vehicles still have to stop somewhere while you go and do stuff. How do you reduce the number of carparks exactly? I can also foresee more of these vehicles on the road than now, with more traffic as people who haven't got licenses or who can no longer drive take advantage of a car that will drive them anywhere. The limiting factors on road users will change, and some of these that move people off the roads (rightly or wrongly) will potentially disappear. Thinking about this from the transport and logistics perspective it's possibly an awesome thing to have trucks that can drive endlessly in a non-stop cycle with none of the pesky driver considerations we have now... but I can't help but think of the cost to human jobs. I worked in transport for a while and there are guys who genuinely enjoy getting out and about in the trucks, driving line haul or pottering around town. These guys (mostly) have a great skill set and will not be required after the introduction of an autonomous trucks. On to the sidelines for you - and then we have killer trucks chasing us like in the movie "Fortress".

Drones are becoming a big thing and will continue to get bigger over time. With many companies hoping to use them for deliveries - especially medicine or aid into remote areas - I think they're great. The potential for help is enormous... as is the balanced potential for harm. Drones already kill a fair number of people day to day in war torn areas as the US or other countries deploy them to blow shit up. Spy drones are already about looking into things they shouldn't be so privacy is going to take yet another hit, and the risk of some idiot flying their stupid drone into a plane or helicopter - yeah that will happen. We have the guys flying their drones over fires and things - which is a great tool for seeing what's happening (don't get me wrong - they have some amazing uses that preserve human life) but also restrict what other aerial vehicles can do (because they are in the flight space).  We have had water bombers diverted from fires with real concerns about them hitting drones. I think the issue there is more of command and control than the actual drone being a problem - coordinating a fire response is no trivial issue and someone with a drone in the way is a problem.

The end result of all this extra computer stuff floating around is a far more cluttered Internet and let's be honest - security is a massive issue. Complex software in complex hardware = mucho issues with security. Anyone who has done some programming knows that as complexity goes up, so does risk of an issue arising in the code. The reliance on the Internets infrastructure will increase and although the 'net is a most distributed system there are definitely ways to greatly impact a country. Imagine for example if someone attacked the Internet systems of a country and took down it's ability to manage routing - all those data packets with nowhere to go. How would it affect daily human life? I can't get my IoT coffee machine to work or I can't get my medical aid system to work because both of them connect back to a central management system located either at home or somewhere else. Uh oh. Can we get the 'net back up? We've already seen hospitals compromised because of holes in code or heaven forefend - people have no clue and use shite passwords or it's set up in a way that might be more user friendly and is far less secure than it could be.

Before we as a civilisation dive head first into the pond of hyper-interconnectedness I really think we need to slow down and understand the ramifications of what is going to happen. Big companies are not going to care - they have to make money and look after their shareholders and screw anyone else. The government needs to be across this and understanding it with techno-geeks involved to get through the heavy nerd stuff and legislate to improve protections and procedures around the IoT and associated systems. For example - drones are great, until they kill someone through stupidity or neglect. So let's try to legislate it and get it out there what you can and can't do. Something is better than nothing and attempting to get something in place is better than sitting back saying "I'm not sure - it seems like techno-babble to me!".

I for one welcome our new robot overlords when they arrive. I'd prefer the future to be a mix of humanity assisted by robots and IoT and not this:

I tried but I really couldn't resist putting up one of these pics. Ah pop culture. I hope that in some small way I've opened your mind to some of the other side of the issues I've talked about. I'm very excited about all these new gizmos and things - I can't help it - I'm a geek too. I just have a pessimistic side that impels me to consider the impact of new technology.

Adventures with Immich

With the implementation of my Proxmox server it's now time to play with some new applications - and we'll start with Immich, a repla...