
Risharde's Blog

Stay away from EVE and SANTA ROSA brand products in Trinidad and Tobago

I noticed today that EVE brand canned sausages did not include the cholesterol values in its nutrition facts. Santa Rosa also DOES NOT put the values anymore either! What you may not know is that in nearly every can of sausages, there is about 40 mg of cholesterol per serving - which I can tell you is not very good for you to consume often from my experience. What does this imply? I would guess that EVE is purposefully not putting the value on its products in order to get it sold which I believe is wrong and I therefore distrust them even more now. Can you imagine what else they may not be putting on their products? You wouldn't even know what you are eating. This is unacceptable and a very shady practice and a big shame on EVE for doing this.

Some potentially interesting firewalls

I just came across 2 interesting software-based firewalls that I'd like to test in the future, so I'm just making a note of them:

Vyatta and Untangle

So far, I've looked at a demo of Untangle and I think this is really good. I didn't see any Active Directory integration but other than that, the firewall's interface seems really easy to operate and configure.

I'll keep you guys posted

Juniper vs Checkpoint vs Fortigate

For the techies at heart, I found a nice comparison table, which seems to have been added recently (2013), of some popular hardware firewalls.

It seems the Fortigate is in a different league altogether, so aside from that device, I'm wondering which one really is better between the Juniper and the Checkpoint. In terms of ease of setup, I'd assume it is the Juniper because it has a built-in GUI to manage it, but as you can see, it can handle only about half the number of sessions that a Checkpoint can. I don't want to talk off the top of my head, but for me, I'd make an intelligent guess that the Checkpoint would be more valuable in the long run against concurrent attacks if it can handle twice the number of sessions that the Juniper can. On the downside, it doesn't come with a built-in GUI, so you'll have to use an external app. In any event, this can also be seen as an upside, since it might be less likely to be attacked via the GUI and/or be less vulnerable to 0-day exploits.

Memcached on CENTOS 6

Okay, thought it was hard but it is pretty easy

yum install memcached

nano /etc/sysconfig/memcached
and make sure the following (tweak as you see fit)

Now save

Then start up memcached using
service memcached start

Then let memcached automatically start up on boot
chkconfig memcached on

Now install PHP support (the pecl command comes from the php-pear package)
yum install php-pear
yum install php-pecl-memcached
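
The settings in /etc/sysconfig/memcached decide which interfaces the daemon listens on, so they are worth checking before starting the service. The following is an added example, not part of the original post: a small Python audit of that file. The sample file contents are constructed, and the check assumes a memcached build where the UDP listener is on unless -U 0 is given.

```python
import shlex

# Constructed sample of /etc/sysconfig/memcached; not the post's (missing) settings.
SAMPLE = '''PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
'''
HARDENED = SAMPLE.replace('OPTIONS=""', 'OPTIONS="-l 127.0.0.1 -U 0"')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_sysconfig(text):
    """Read KEY="value" lines as the init script's shell would."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        parts = shlex.split(raw, comments=True)
        settings[key.strip()] = parts[0] if parts else ""
    return settings


def option_value(opts, flag):
    """Return the argument of a memcached flag given as '-l X' or '-lX'."""
    for i, tok in enumerate(opts):
        if tok == flag and i + 1 < len(opts):
            return opts[i + 1]
        if tok.startswith(flag) and len(tok) > len(flag):
            return tok[len(flag):]
    return None


def audit(text):
    """List network-exposure findings for a memcached sysconfig file."""
    opts = shlex.split(parse_sysconfig(text).get("OPTIONS", ""))
    findings = []
    listen = option_value(opts, "-l")
    if listen is None:
        findings.append("no -l: listens on every interface")
    elif not set(listen.split(",")) <= LOOPBACK:
        findings.append("-l %s: reachable beyond loopback" % listen)
    if option_value(opts, "-U") != "0":
        findings.append("UDP listener not disabled (-U 0)")
    return findings
```

If PHP runs on a different host from memcached, loopback binding is not an option; bind to the internal address and restrict port 11211 with iptables instead.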


Rsync Problems on CENTOS 6 Minimal

rsync: Failed to exec ssh: No such file or directory (2)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

To solve the issue, you need to install the openssh-clients package.
To do this, type:
yum install openssh-clients

Good luck!

Missing SYSVOL Policies fix

Okay, so Ishwar and I were having some issues with group policies not being updated. We looked at the AD controllers and noticed that a lot of the policy folders were missing, and there was no one on the internet that could fix it without saying that the AD would need to be reinstalled. Well, Ishwar had a good idea and it worked. He reinstalled the GPO manager by first uninstalling it and installing it back. It recreated the policies and saved us a lot of problems!

Good luck!

Installing SquidView on Centos 6

I was having a lot of problems with ncurses when trying to compile squidview on Centos 6. Well, apparently there's an easy fix after I did some research.
You need 2 main packages to get squidview to install.

Run the following
yum install gcc-c++ ncurses-static

After which you do the normal compile commands as follows:

Good luck!

SCP: bash: command not found on CENTOS

If you've installed CENTOS 6.4 minimal like I have, you might experience this problem. When you try to scp a file from one server to the next or vice versa and encounter this issue, you need to install the openssh-clients package.

To do this, run the following command
yum install openssh-clients

After the install, try to scp the file back and you'll see that it should work now

Good luck!

Extreme Networks InterVLAN Routing and DHCP Relay configuration

Previously, I brought you the idea of interVLAN routing on CISCO. Less is said about Extreme Networks but today I actually worked with a Summit 450 switch and it was fairly easy as well. The commands are a bit different but overall it wasn't anything too hard. Since I can't remember all the commands off hand, I'll just try to talk about what I remember

Firstly, configuring a vlan goes like
configure vlan "VLAN2" add ports 1 - 24 untagged
configure vlan "VLAN2" ip-address

configure vlan "VLAN3" add ports 25 - 48 untagged
configure vlan "VLAN3" ip-address

Enable routing:
enable ipforwarding "VLAN2"
enable ipforwarding "VLAN3"

DHCP Relay goes something like this:
enable bootprelay
configure bootprelay add #This points to your superscope DHCP Server
#Also make sure to create route so DHCP knows which gateway to pass through to send back the information

Don't want DHCP relay? Instead you can do DHCP server on the switch itself using something like this
enable dhcp

Sorry, some of the commands may be wrong because I'm trying to remember from memory with only 1 day experience

CISCO InterVLAN Layer 3 switch to switch routing

This has always been a challenge for me since I never did the CCNA courses or other practical courses. However, I have realized that most of the tutorials on the internet, and even the official Cisco documentation, are either extremely poor or too technical for understanding the basics, so here goes with my explanation, which I have tested.

Why would you want VLANS (Virtual LANS)?
Well, for me, it basically comes down to "broadcast domains". Essentially, this just means that you don't want a flat network, because flat networks have too much broadcast data such as DHCP and so forth. This also affects the way your IP schema works, because it's hard to assign an IP range to a specific building (this is not the only reason, but it was my reason). Anyway, let's say you have a building called Building A and you want the computers in that building to have a specific IP scheme such as 10.0.2.x / and then you have a Building B which needs to have 10.0.3.x / Essentially, you would want to assign VLANs so that the traffic stays within each building (this of course is just my example, since VLANs can be used at multiple locations - I'm just making it simple).

Why would you want InterVLAN Routing?
So in order for Building A to be able to talk to Building B, interVLAN switch-to-switch routing would need to occur (or is the easiest solution for off-site metro-E infrastructure), because the communication would happen at Layer 3 (the IP layer) instead of Layer 2, which isn't a very smart way to route traffic. So now, the switch at Building A would be set to a different IP scheme, for example / on VLAN 100, while Building B's switch would be / on VLAN 100. This allows the 2 switches to communicate via VLAN 100. You would then enable IP routing to ensure that Building A on VLAN2 can go through VLAN100 to reach Building B on VLAN3. This is referred to as interVLAN routing but includes switch-to-switch configuration. This is apparently different from trunking - don't ask me why per se.

Also, in order for computers in building 1 (VLAN 2) to know how to get to Building 3 (VLAN 3), the switch at building 1 would have to have a route to the switch at building 2. For example, if the destination is 10.0.3.x, which means it has to go to building 2, then the switch would have a record as such with the gateway of building 2's switch which is and vice versa must happen at switch 2 to complete the "cycle" for duplex communication. If you put a route on one switch and don't put it on the other switch, then only simplex communication will occur, in which case pings won't work etc.

This ended up being complicated but read it through a few times
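
The point about needing a route on both switches can be shown with a small simulation. This is an added example in Python, not configuration from the original post: 10.0.2.x, 10.0.3.x and VLAN 100 come from the text, while the 10.0.100.0/30 transit subnet, the next-hop addresses and the switch names "A" and "B" are constructed assumptions.

```python
import ipaddress

# Constructed addressing: the post gives 10.0.2.x, 10.0.3.x and VLAN 100;
# the 10.0.100.0/30 transit subnet and next-hop addresses are assumptions.
def topology():
    return {
        "A": {"transit_ip": "10.0.100.1", "routes": {
            "10.0.2.0/24": "connected",      # VLAN2, Building A hosts
            "10.0.100.0/30": "connected",    # VLAN100, switch-to-switch link
            "10.0.3.0/24": "10.0.100.2"}},   # static route via switch B
        "B": {"transit_ip": "10.0.100.2", "routes": {
            "10.0.3.0/24": "connected",      # VLAN3, Building B hosts
            "10.0.100.0/30": "connected",
            "10.0.2.0/24": "10.0.100.1"}},   # static route via switch A
    }


def lookup(routes, dst):
    """Longest-prefix match: 'connected', a next-hop IP, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def deliver(switches, start, dst, max_hops=4):
    """Forward hop by hop; return the switch that owns dst's subnet, or None."""
    owners = {s["transit_ip"]: name for name, s in switches.items()}
    current = start
    for _ in range(max_hops):
        hop = lookup(switches[current]["routes"], dst)
        if hop is None:
            return None
        if hop == "connected":
            return current
        current = owners.get(hop)
        if current is None:
            return None
    return None


def ping(switches, src_switch, src_ip, dst_ip):
    """An echo needs a working path in both directions."""
    far = deliver(switches, src_switch, dst_ip)
    if far is None:
        return "request dropped"
    back = deliver(switches, far, src_ip)
    return "reply received" if back == src_switch else "reply dropped"
```

Deleting the 10.0.2.0/24 entry from switch B's table makes the same ping return "reply dropped": the request arrives but the answer has no way back.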

Pushing active directory updates to clients

So technically speaking, pushing updates from Active Directory group policies doesn't exist. The group policy has a refresh interval which can be set low, which allows computers to refresh / update their policies, but this can cause potential problems of network congestion and high load on your Active Directory server. The good news is that there's another trick which works, but with more efficiency.

The solution is using a third-party application called SysInternals Suite (I believe it is now owned by MS)
You can download it from
Extract it into a directory such as C:\sysinternals
Now you'll need to get to a command prompt (HINT: Run -> cmd.exe)
In the command prompt type each line and press enter as follows:
cd C:\sysinternals
PsExec.exe \\COMPUTER1 gpupdate /force

The above command essentially tells the remote computer "COMPUTER1" to execute gpupdate /force
gpupdate /force basically makes the computer refresh its group policy by pulling it from the active directory
If you are successful, you'll see a response like

Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
gpupdate exited on COMPUTER1 with error code 0.

With a little scripting, you'd be able to do this command on multiple computers
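
One way to script this across several machines, as an added example that is not part of the original post. It is written in Python and assumes Python is installed on the admin workstation, that PsExec sits in the C:\sysinternals directory from the steps above, and that targets are plain NetBIOS-style names; COMPUTER2 is a placeholder.

```python
import re
import subprocess

PSEXEC = r"C:\sysinternals\PsExec.exe"   # extract directory used in the post
# Assumption: targets are plain NetBIOS-style names (letters, digits, hyphen).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,14}")


def build_command(computer):
    """Return the argv for one host, rejecting anything that is not a bare name."""
    if not NAME_RE.fullmatch(computer):
        raise ValueError("not a valid computer name: %r" % computer)
    return [PSEXEC, "\\\\" + computer, "gpupdate", "/force"]


def refresh_all(computers, runner=subprocess.run):
    """Run gpupdate /force on each host; map name -> (status, detail)."""
    results = {}
    for name in computers:
        try:
            argv = build_command(name)
        except ValueError as exc:
            results[name] = ("skipped", str(exc))
            continue
        try:
            # argv list, no shell: the name is never re-parsed by cmd.exe
            proc = runner(argv, capture_output=True, text=True, timeout=300)
        except (OSError, subprocess.TimeoutExpired) as exc:
            results[name] = ("error", str(exc))
            continue
        # PsExec passes back the remote exit code ("error code 0" above)
        status = "ok" if proc.returncode == 0 else "failed"
        results[name] = (status, proc.returncode)
    return results


if __name__ == "__main__":
    # COMPUTER1 is the post's example host; COMPUTER2 is a placeholder.
    for host, outcome in refresh_all(["COMPUTER1", "COMPUTER2"]).items():
        print(host, *outcome)
```

Validating the names and passing an argument list keeps a malformed entry in the host list from turning into extra command-line text, and the per-host status makes unreachable machines easy to spot.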

Good luck!

What people don't understand about the search engine

I've gotten 2 requests so far for the removal of "personal information" from the search engine. The problem is that this information is available via other public means. I don't know if the people that request the removal understand that this information is available to the public and that is how I got the information. In any event, I have removed the information because I am not interested in invading someone's privacy which they have already published anyway. The intention of the search engine is to make it easy for someone to search for your contact via the internet instead of having to turn pages to find it - that was all, period. I hope everyone understands that the systems I design are not here to violate their privacy and to cause problems. I am more interested in research of the systems I build with respect to performance and design.