Risharde's Blog

OS Support for Android products vs Apple products

Depending on the brand of your Android product, you may be in for a world of disappointment. While I am not extremely knowledgeable about Apple products, I believe there might be similarities. Generally, you buy the brand-spanking-new, hot-off-the-market device with OS version 1.0 (just an example) only to find that a year later, there's a new product under the brand and now the OS is version 2.0... and you have to buy the new device to get the new OS.

This is currently my problem with Android... well, it's not really Android but the manufacturers, but shouldn't Google do something about this? Like perhaps stipulate that the Android versions should be upgraded for the next X years (2 years or maybe 3 years) before it becomes obsolete???

I'm just thinking that to the consumer, it's a fairly raw deal... and it's somewhat wasteful from a technology standpoint because most devices can handle OS upgrades for at least 2-3 years without dropping in performance...

It's just a thought, you don't have to agree with me on this one.

5 hours of downtime (ouch!)

I've experienced about 5 hours of downtime and already posted a support ticket to my server provider. From what I gather, they've been updating their servers due to a zero-day exploit that was recently discovered in RHEL which probably streamed down to CENTOS. I ended up having to boot my server back after noticing it was down. Unfortunately, I was AFK (away from keyboard) for most of the day today so I didn't even know it was down. Good news is that I don't have any customers so the only loss was maybe the search engines updating from fresh data on the website. I'm still rebuilding the journal and haven't got around to rebuilding productions and probably won't do that until after June 30th.

Still, I'm sorry for the downtime, when I expand the rCloud, these things will be a thing of the past. I haven't really been focusing on rCloud development due to time constraints (from the more recent tasks ahead). Once I complete these tasks, I'll attempt to devote myself to rCloud and high availability again. Particularly database clustering.

Windows 8 apps - how to build

After doing some research, it seems that in order to build Windows 8 applications, you must have Windows 8 installed and Microsoft Visual Studio 2012. This is a bit of a blow for developers like me that still run Windows 7.

Some potentially interesting firewalls

I just came across 2 interesting software-based firewalls that I'd like to test in the future, so I'm just making a note of them:

Vyatta and Untangle

So far, I've looked at a demo of Untangle and I think this is really good. I didn't see any Active Directory integration but other than that, the firewall's interface seems really easy to operate and configure.

I'll keep you guys posted

Juniper vs Checkpoint Vs Fortigate

For the techies at heart, found a nice comparison table which seems to be recently added (2013) of some popular hardware firewalls

http://www.ebrahma.com/2013/03/comparison-juniper-srx1400-vs-checkpoint-...

It seems the FortiGate is in a different league altogether, so aside from that device, I'm wondering which one really is better between the Juniper and the Checkpoint. In terms of ease of setup, I'd assume it is the Juniper because it has a built-in GUI to manage it, but as you can see, it can handle only about half the number of sessions as a Checkpoint. I don't want to talk off the top of my head, but for me, I'd make an intelligent guess that the Checkpoint would be more valuable in the long run against concurrent attacks if it can handle twice the number of sessions as the Juniper. On the downside, it doesn't come with a built-in GUI, so it means you'll have to use an external app. In any event, this can also be seen as an upside since it might be less likely to be attacked via the GUI and/or be less vulnerable to 0-day exploits.

Rsync Problems on CENTOS 6 Minimal

rsync: Failed to exec ssh: No such file or directory (2)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

To solve the issue, you need to install the openssh-clients package, which provides the ssh binary that rsync is trying to exec.
To do this, type:
yum install openssh-clients

Good luck!

Missing SYSVOL Policies fix

Okay, so Ishwar and I were having some issues with group policies not being updated. We looked at the AD controllers and noticed that a lot of the policy folders were missing, and there was no one on the internet that could fix it without saying that the AD would need to be reinstalled. Well, Ishwar had a good idea and it worked. He reinstalled the GPO manager by first uninstalling it and installing it back. It recreated the policies and saved us a lot of problems!

Good luck!

Installing SquidView on Centos 6

I was having a lot of problems with ncurses when trying to compile squidview on Centos 6. Well, apparently there's an easy fix after I did some research.
You need 2 main packages to get squidview to install.

Run the following:
yum install gcc-c++ ncurses-static

After which you do the normal compile commands as follows:
./configure
make

Good luck!

SCP: bash: command not found on CENTOS

If you've installed CENTOS 6.4 minimal like I have, you might experience this problem. When you try to scp a file from one server to the next or vice versa and encounter this issue, you need to install the openssh-clients package.

To do this, run the following command:
yum install openssh-clients

After the install, try to scp the file back and you'll see that it should work now.

Good luck!

Extreme Networks InterVLAN Routing and DHCP Relay configuration

Previously, I brought you the idea of interVLAN routing on CISCO. Less is said about Extreme Networks but today I actually worked with a Summit 450 switch and it was fairly easy as well. The commands are a bit different but overall it wasn't anything too hard. Since I can't remember all the commands off hand, I'll just try to talk about what I remember

Firstly, configuring a vlan goes like
configure vlan "VLAN2" add ports 1 - 24 untagged
configure vlan "VLAN2" ip-address 10.0.2.1 255.255.255.0

configure vlan "VLAN3" add ports 25 - 48 untagged
configure vlan "VLAN3" ip-address 10.0.3.1 255.255.255.0

Enable routing:
enable ipforwarding "VLAN2"
enable ipforwarding "VLAN3"

DHCP Relay goes something like this:
enable bootprelay
configure bootprelay add 10.0.10.2 #This points to your superscope DHCP Server
#Also make sure to create route so DHCP knows which gateway to pass through to send back the information

Don't want DHCP relay? Instead you can do DHCP server on the switch itself using something like this
enable dhcp
configure dhcp address-ip-range 10.0.2.1 - 10.0.2.254 #THIS IS WRONG SOMEWHERE, BUT THAT'S ESSENTIALLY HOW THE COMMAND GOES

Sorry, some of the commands may be wrong because I'm trying to remember from memory with only 1 day experience

CISCO InterVLAN Layer 3 switch to switch routing

This has always been a challenge for me since I never did the CCNA courses or other practical courses. However, I have realized that most of the tutorials on the internet, and even the official Cisco documentation, are either extremely poor or too technical for understanding the basics, so here goes with my explanation, which I have tested.

Why would you want VLANS (Virtual LANS)?
Well, for me, it basically comes down to "broadcast domains". Essentially, this just means that you don't want a flat network because flat networks have too much broadcast data such as DHCP and so forth. This essentially affects the way your IP schema works because it's hard to assign an IP to a specific building (however, this is not the only reason, but this was my reason). Anyway, let's say you have a building called Building A and you want the computers in that building to have a specific IP scheme such as 10.0.2.x / 255.255.255.0, and then you have a Building B which needs to have 10.0.3.x / 255.255.255.0. Essentially, you would want to assign VLANs so that the traffic stays within each building (this of course is just my example, since VLANs can be used at multiple locations - I'm just making it simple).

Why would you want InterVLAN Routing?
So in order for Building A to be able to talk to Building B, interVLAN switch-to-switch routing would need to occur (or is the easiest solution for off-site metro-E infrastructure) because the communication would happen at Layer 3 (the IP layer) instead of Layer 2, which isn't very smart at routing traffic. So now, the switch at Building A would be set to a different IP scheme, for example 10.1.0.1 / 255.255.255.0 on VLAN 100, while Building B's switch would be 10.1.0.2 / 255.255.255.0 on VLAN 100. This allows the 2 switches to communicate via VLAN 100. You would then enable IP routing to ensure that Building A on VLAN 2 can go through VLAN 100 to reach Building B on VLAN 3. This is referred to as interVLAN routing but includes switch-to-switch configuration. This is apparently different from trunking - don't ask me why per se. Also, in order for computers in Building A (VLAN 2) to know how to get to Building B (VLAN 3), the switch at Building A would have to have a route to the switch at Building B. For example, if the destination is 10.0.3.x, which means it has to go to Building B, then the switch would have a route record for it with the gateway of Building B's switch, which is 10.1.0.2, and vice versa must happen at Building B's switch to complete the "cycle" for duplex communication. If you put a route on one switch and don't put it on the other switch, then only simplex communication will occur, in which case pings won't work etc.

This ended up being complicated but read it through a few times
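To see the route lookup and the "simplex" failure concretely, here is a small model of the two switches (an added example, not from the original post and not switch configuration). The class and function names and the host addresses ending in .50 are assumptions made for illustration; the VLAN subnets and the 10.1.0.1 / 10.1.0.2 transit addresses are the ones described above.

```python
import ipaddress

class L3Switch:
    """Toy layer-3 switch: VLAN interfaces (connected networks) plus static routes."""
    def __init__(self, name, svis):
        self.name = name
        # e.g. {"VLAN2": "10.0.2.1/24"}: the switch's own address on each VLAN
        self.svis = {v: ipaddress.ip_interface(a) for v, a in svis.items()}
        self.static = []  # list of (destination network, next-hop address)

    def add_route(self, network, next_hop):
        self.static.append((ipaddress.ip_network(network),
                            ipaddress.ip_address(next_hop)))

    def owns(self, ip):
        return any(iface.ip == ip for iface in self.svis.values())

    def lookup(self, dst):
        """Return ("connected", vlan), ("via", next_hop) or None if no route."""
        for vlan, iface in self.svis.items():
            if dst in iface.network:
                return ("connected", vlan)
        matches = [(net, hop) for net, hop in self.static if dst in net]
        if matches:  # longest prefix wins, as on a real router
            return ("via", max(matches, key=lambda m: m[0].prefixlen)[1])
        return None

def deliver(switches, start, dst, max_hops=8):
    """Follow routes hop by hop; True if dst lands on a connected VLAN."""
    dst, sw = ipaddress.ip_address(dst), start
    for _ in range(max_hops):
        hit = sw.lookup(dst)
        if hit is None:
            return False            # no route: the packet is dropped here
        if hit[0] == "connected":
            return True
        sw = next((s for s in switches if s.owns(hit[1])), None)
        if sw is None:
            return False            # next hop does not exist
    return False

def ping(switches, src_sw, src_ip, dst_sw, dst_ip):
    """A ping needs the request AND the reply to be routable."""
    return deliver(switches, src_sw, dst_ip) and deliver(switches, dst_sw, src_ip)

def build(return_route=True):
    a = L3Switch("BuildingA", {"VLAN2": "10.0.2.1/24", "VLAN100": "10.1.0.1/24"})
    b = L3Switch("BuildingB", {"VLAN3": "10.0.3.1/24", "VLAN100": "10.1.0.2/24"})
    a.add_route("10.0.3.0/24", "10.1.0.2")      # A reaches VLAN 3 via B
    if return_route:
        b.add_route("10.0.2.0/24", "10.1.0.1")  # B reaches VLAN 2 via A
    return a, b
```

With `build(return_route=False)` the request still reaches Building B, but the reply has no route back, so `ping` fails even though one direction works.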

Pushing active directory updates to clients

So technically speaking, pushing updates from Active Directory group policies doesn't exist. The group policy has a refresh interval which can be set low, which allows computers to refresh / update their policies, but this can cause potential problems of network congestion and high load on your Active Directory server. The good news is that there's another trick which works, but with more efficiency.

The solution is using a third party application called SysInternals Suite (I believe it is now owned by MS)
You can download it from http://www.systeminternals.com
Extract it into a directory such as C:\sysinternals
Now you'll need to get to a command prompt (HINT: Run -> cmd.exe)
In the command prompt type each line and press enter as follows:
cd C:\sysinternals
PsExec.exe \\COMPUTER1 gpupdate /force

The above command essentially tells the remote computer "COMPUTER1" to execute gpupdate /force
gpupdate /force basically makes the computer refresh its group policy by pulling it from the active directory
If you are successful, you'll see a response like

Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
gpupdate exited on COMPUTER1 with error code 0.

With a little scripting, you'd be able to do this command on multiple computers.

Good luck!

What people don't understand about the search engine

I've gotten 2 requests so far for the removal of "personal information" from the search engine. The problem is that this information is available via other public means. I don't know if the people that request the removal understand that this information is available to the public and that is how I got the information. In any event, I have removed the information because I am not interested in invading someone's privacy which they have already published anyway. The intention of the search engine is to make it easy for someone to search for your contact via the internet instead of having to turn pages to find it - that was all, period. I hope everyone understands that the systems that are designed are not here to violate their privacy and to cause problems. I am more interested in research of the systems I build with respect to performance and design.