    Snort IDS

    I am redoing the IDS system at work.  The current IDS uses Snort and BASE.  BASE just isn't able to keep up under the current load.  We got a new quad-core server with 4 GB of RAM that should do nicely for BASE.  I also decided to redo the sensors at the same time.  They were both running FreeBSD, and I wanted to go to CentOS 5 because I am much more familiar with it than FreeBSD.  I installed CentOS 5 and did a test run with tcpdump.  It just can't keep up: the kernel is dropping packets even when logging only the raw packets to a file.  The traffic isn't huge, about 3,000 packets per second (around 32 Mbps).  Even after tuning some kernel parameters and some network parameters it was still dropping packets.

    From what I have read, the FreeBSD network stack is a lot better at this type of thing.  I am testing another FreeBSD box to see if it can keep up without dropping packets.  If it can keep up, then I am going to use FreeBSD for the sensors and stick with CentOS for the BASE front end.

    UPDATE:  FreeBSD took it like a champ, 0 dropped packets, so it looks like it's FreeBSD for Snort.
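    The check behind the "0 dropped packets" verdict above is the three-line summary tcpdump prints when it exits. The following is an added example, not code from the original post: it parses that summary, turns the "dropped by kernel" counter into a drop fraction, and back-calculates the average frame size implied by the post's 3,000 pps / 32 Mbps figures. The summary text is constructed for the example, and the drop fraction uses tcpdump's "received by filter" counter as its denominator (its exact meaning differs slightly between the Linux and BSD capture stacks).

```python
import re

# Constructed tcpdump exit summary (what tcpdump writes to stderr on Ctrl-C).
# The numbers are invented for this example.
SAMPLE_SUMMARY = """\
178234 packets captured
181002 packets received by filter
2768 packets dropped by kernel
"""

_SUMMARY_RE = re.compile(
    r"^(\d+) packets (captured|received by filter|dropped by kernel)$", re.M)


def parse_tcpdump_summary(text):
    """Return the three counters tcpdump reports on exit as a dict."""
    counts = {label: int(num) for num, label in _SUMMARY_RE.findall(text)}
    for key in ("captured", "received by filter", "dropped by kernel"):
        if key not in counts:
            raise ValueError("summary is missing the '%s' line" % key)
    return counts


def kernel_drop_rate(text):
    """Fraction of packets the kernel could not hand to tcpdump, relative to
    the 'received by filter' counter (platform semantics vary slightly)."""
    c = parse_tcpdump_summary(text)
    received = c["received by filter"]
    if received == 0:
        return 0.0
    return c["dropped by kernel"] / float(received)


def sensor_keeps_up(text, max_drop_fraction=0.0):
    """True when the capture run's drop fraction is within the threshold.
    The post's bar was zero dropped packets, hence the default of 0.0."""
    return kernel_drop_rate(text) <= max_drop_fraction


def avg_packet_bytes(pps, mbps):
    """Average frame size implied by a packets-per-second / megabits-per-second
    pair; a sanity check that the two rate figures describe the same traffic."""
    return mbps * 1000000 / 8.0 / pps


if __name__ == "__main__":
    print("drop rate: %.2f%%" % (100 * kernel_drop_rate(SAMPLE_SUMMARY)))
    print("keeps up:", sensor_keeps_up(SAMPLE_SUMMARY))
    print("avg frame: %.0f bytes" % avg_packet_bytes(3000, 32))
```

    Run it against a real capture by piping tcpdump's stderr into a file and feeding that text to `sensor_keeps_up`; 32 Mbps at 3,000 pps works out to roughly 1,333-byte frames, i.e. near-MTU traffic, so the sensor was dropping on packet count rather than on bandwidth.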

    The state of the Linux Desktop

    Linux has come a long way in the 9 years I have been using it.  I have seen it go from very difficult to set up to a breeze to set up.  I have gone from X Windows with some minimal menus to Beryl running on GNOME.  We now have a halfway decent office suite in OpenOffice.  A lot of people say that it is ready for the average user.

    I have to say it is nowhere near ready for the average user.  I came to this realization while trying to install Feisty on my Dell Inspiron laptop.  X Windows didn't work out of the box, so I had to use the text install and get the fglrx driver installed.  That problem is nothing compared to my wireless problems.  The built-in card is an unsupported Broadcom card which can be made to work without WPA support with ndiswrapper, but I need native support for WPA and also to use it in Kismet.  So I found a spare Linksys WUSB54GC card which is supposedly supported.  I see access points but I can't connect to any, so I do some googling and it seems you need to recompile the driver.  Unfortunately I couldn't get it to compile in Feisty, but apparently it worked in Edgy.

    Where am I going with this?  If I, with 9 years of Linux admin experience, an RHCE, and a CS degree, can't get a wireless card working, what chance does my mom have?  The open source community has failed at making the hardware easy to set up and configure.  The community bickers and fights and is all ego driven, and projects fork when someone gets their feelings hurt.  I am all for the open source movement, but just like communism, human nature will always get in the way.  Linux has been around for over 10 years and still the desktop percentage must be less than 1% of the total desktop market.  Just look at the leaps and bounds Apple has made coming out of nowhere with OS X.  Just think how much bigger the open source development community is.  If we could have been this focused and driven, we could be much better off.

    The number 1 thing I think that has hurt the Linux community over the years is the number of distributions.  We have Fedora Core, Ubuntu, SUSE, and many, many more, none of which have any consistency about where system files are located.  The biggest hurdle to Linux adoption is lack of commercial applications.  The small businesses of the world need to be able to run Office, Access, Excel, QuickBooks, etc.  I know it is a chicken-and-egg problem, but it is made that much worse by all of the distributions.  A company looking to release its software on Linux will have to support dozens of different distributions, instead of just one, like when they ported their software to OS X.  This also makes driver support a nightmare, as now you have to have the user compile their own drivers every time they upgrade their kernel, not to mention all of the different versions of libraries that are out there.  I don't blame the hardware and software companies for ignoring the Linux desktop market.  It just doesn't make sense at this point.

    Do I think that Linux is doomed?  No, not at all.  It is a great server product and continues to get more and more market share, and better support of enterprise-level hardware.  The open source community needs to get its act together, stop bickering, and get some consistency as far as the distributions are concerned.  The state of drivers is also key.  I am not a developer, so can someone tell me why all the kernel modules have to be recompiled each time a new kernel is installed?  I don't have to reinstall all my drivers when Windows updates its kernel.

    Ubuntu Feisty Fawn Inspiron 6400

    I finally got around to loading Ubuntu Feisty on my laptop.  The installation was not at all painless.  X would not start when I loaded the live CD, so I had to download and use the alternate install CD with the text installer.  The live CD for Edgy worked fine, and it was using the VESA X driver, so it should have worked just fine with my ATI 1300.  After I got the OS installed, X still did not work.  After installing the fglrx driver, X started to work.  The built-in Compiz 3D desktop doesn't work, as compositing is not supported in the fglrx driver.  I will install the latest Beryl RC and see how that goes.  Other than that everything seems to work except my wireless, which has never worked.  I may have to get an add-on card, as I need native wireless support to use Kismet, not the ndiswrapper-wrapped Windows driver.

    Frontpage Extensions are Retarded

    The conversion from the post below didn't go as smoothly as planned.  After the new server was online, no one could modify their FrontPage sites.  None of the roles or user permissions were showing in the FrontPage Administration site.  I did a recalculate on the web, but that didn't fix anything.  So I just switched back to the old VM server.

    I did some research and found this document.  The files that hold all the permissions are kept in c:\Documents and Settings\All Users\…!  Who designed that?  You would think that would be a common result on Google when you search "backup frontpage", but I had to dig to find it.  I wasn't even backing up that directory, but I sure am now.  After restoring that directory, everything was working as usual.

    So the lessons learned here are that Microsoft programmers smoke the crack, and always test your disaster recovery plan.  Especially now that VMware Server is free, there is no excuse not to test it.  Your family will thank you later when they aren't starving and sleeping on the street because you were fired.

    Backup Exec System State Restore

    There is no such thing as redirection in Backup Exec for a system state recovery.  It will let you try, at least in version 9.1 (yeah, I roll old school), and it restores the files, just not in the right place.  You must change the name of the target machine to match the old machine, then run the recovery normally without file redirection.  In my case the old machine is still running, but it won't for the life of me convert from VMware GSX 3.0.0 to VMware Server 1.0.2.  So I just wanted to restore the system state to a new VM I created, then restore the data files, all the while keeping the old server up and running.

    Instead I had to shut down the original server, assume its identity in the fresh install, and recover the system state.  Then shut the new VM down, change the name and IP, and restart the old server.  I am now doing the full recovery of the data files to the new VM.  When I am ready to change over to the new VM, I will shut down IIS, run a differential backup, and restore that to the new server.  All in all, less than half an hour of downtime.

    3ware support

    I hope the engineers are better than the support at 3ware.  I opened up a web ticket about not being able to use one large 6-terabyte partition in Windows 2003.  In the meantime I used my Google foo and found the answer.  An MBR disk only supports partitions up to 2 terabytes; a GPT disk supports partitions up to some huge number in the exabytes.  Windows 2003 will only boot off of an MBR disk.  So you must make one small MBR boot volume and one large GPT data volume.  Once I did that, the whole 6 terabytes showed up and I was able to make one huge partition.  In the meantime I get a response to my support ticket that tells me to upgrade the firmware.  First, that will never work, since it's a Windows limitation, and second, the version they suggested I upgrade to isn't even on their website.  I wish companies would charge a little bit more for their product and actually hire people that know what they are doing.  This support ticket is probably one that they get all the time.  I don't know why there isn't a little warning on the front of their support page, as this probably happens to 90% of their Windows clients that use more than 2 terabytes of space.
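    The 2-terabyte wall comes straight from the on-disk format: each MBR partition entry stores its starting LBA and its sector count in 32-bit fields, so with 512-byte sectors no single partition can exceed (2^32 - 1) x 512 bytes, just under 2 TiB, while GPT uses 64-bit LBAs. The following is an added example, not code from the original post or from 3ware: it builds a constructed MBR image, decodes its partition table to show the 32-bit fields, refuses a 6 TB partition, and recognises the 0xEE protective entry that marks a GPT disk. Everything in it (byte layout, hypothetical sizes) is standard MBR structure plus made-up sample values.

```python
import struct

SECTOR = 512
MBR_MAX_PARTITION_BYTES = (2 ** 32 - 1) * SECTOR   # 32-bit sector count: ~2 TiB
GPT_MAX_PARTITION_BYTES = (2 ** 64 - 1) * SECTOR   # 64-bit LBAs (the "exabytes" figure)
GPT_PROTECTIVE_TYPE = 0xEE                         # the one MBR entry a GPT disk carries

_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def make_mbr(partitions):
    """Build a constructed 512-byte MBR from (type, lba_start, sectors) tuples."""
    if len(partitions) > 4:
        raise ValueError("an MBR holds at most four primary partitions")
    table = b""
    for i, (ptype, lba_start, sectors) in enumerate(partitions):
        # This is the limit the post ran into: both fields are 32 bits wide.
        if not (0 <= lba_start <= 0xFFFFFFFF and 0 < sectors <= 0xFFFFFFFF):
            raise ValueError("LBA start and sector count must each fit in 32 bits")
        status = 0x80 if i == 0 else 0x00          # mark the first entry bootable
        table += struct.pack(_ENTRY, status, b"\0\0\0", ptype, b"\0\0\0",
                             lba_start, sectors)
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"


def mbr_partition_entries(mbr):
    """Decode the four partition entries at offset 446; skip empty (type 0) slots."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(_ENTRY, mbr[off:off + 16])
        if ptype == 0:
            continue
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        "bytes": sectors * SECTOR})
    return entries


def is_gpt_protective(mbr):
    """A GPT disk still carries an MBR: a single 0xEE entry covering the disk."""
    entries = mbr_partition_entries(mbr)
    return len(entries) == 1 and entries[0]["type"] == GPT_PROTECTIVE_TYPE


def fits_in_mbr(size_bytes):
    """Can a single partition of this size be described by one MBR entry?"""
    return size_bytes <= MBR_MAX_PARTITION_BYTES


def recommended_table(size_bytes):
    """'mbr' if one MBR entry can describe the volume, otherwise 'gpt'."""
    return "mbr" if fits_in_mbr(size_bytes) else "gpt"


if __name__ == "__main__":
    six_tb = 6 * 10 ** 12
    print("6 TB data volume needs:", recommended_table(six_tb))
    biggest = make_mbr([(0x07, 63, 0xFFFFFFFF)])    # largest MBR partition possible
    print("largest MBR partition: %d bytes" % mbr_partition_entries(biggest)[0]["bytes"])
```

    The boot-volume rule in the post falls out of `recommended_table`: a small system volume stays MBR because that is what Windows 2003 boots from, and the 6 TB data volume goes GPT because no 32-bit sector count can describe it.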

    Cisco auto mapping network

    It should be fairly easy to write a Perl script that will map out a Cisco network architecture, given access to the core switch and that all connected devices will allow the core to telnet or SSH to them.  The command show cdp neighbor detail will give you all the info you need: the IP address, device name, and the port that the connecting device is on.  Then just put all of those IPs on a queue, telnet or SSH to them, and repeat show cdp neighbor detail on each device, keeping a list of the devices you have already connected to so that you don't get caught in a loop.  You will also have to query the device to see if it is CatOS or IOS.  Shouldn't be too hard with Expect and Perl.  I will put this on my someday-maybe list.
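    The crawl described above, written out as an added example (Python rather than the Perl/Expect the post has in mind; not code from the original post): a breadth-first walk over CDP adjacencies with a visited set so a ring or mesh cannot loop, a parser for the IOS layout of show cdp neighbor detail, and a heuristic that classifies each neighbor as IOS or CatOS from the Version field it advertises, so the crawler knows which command syntax it will need when it logs in there. The transport is abstracted as a callable; here it is a lookup into a constructed table of four switches (hostnames, addresses, platforms and version strings are invented), and in real use it would be a pexpect or paramiko session. Only the IOS output layout is parsed; a CatOS neighbor is recognised from its version string but, in the sample, is not logged into.

```python
import re
from collections import deque


def cdp_block(device, ip, platform, local_if, remote_if, version):
    """Render one neighbor entry in the IOS layout (used only to build the sample)."""
    return ("-------------------------\n"
            "Device ID: %s\nEntry address(es): \n  IP address: %s\n"
            "Platform: %s,  Capabilities: Switch IGMP \n"
            "Interface: %s,  Port ID (outgoing port): %s\nHoldtime : 150 sec\n\n"
            "Version :\n%s\n\n") % (device, ip, platform, local_if, remote_if, version)


# Constructed version banners: two IOS styles and a CatOS (NmpSW) one.
IOS_NEW = "Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEE"
IOS_OLD = "Cisco Internetwork Operating System Software"
CATOS = "WS-C4006 Software, Version NmpSW: 7.6(1)"

# Constructed topology: core-access1-dist1 form a triangle (a loop for a naive
# crawler); dist1 also sees a CatOS switch, access2, that we cannot log into.
FAKE_DEVICES = {
    "10.0.0.1": cdp_block("access1", "10.0.0.2", "cisco WS-C3750", "GigabitEthernet1/1", "GigabitEthernet1/0/24", IOS_NEW)
              + cdp_block("dist1", "10.0.0.4", "cisco WS-C3560", "GigabitEthernet1/2", "GigabitEthernet0/1", IOS_NEW),
    "10.0.0.2": cdp_block("core", "10.0.0.1", "cisco WS-C6509", "GigabitEthernet1/0/24", "GigabitEthernet1/1", IOS_OLD)
              + cdp_block("dist1", "10.0.0.4", "cisco WS-C3560", "GigabitEthernet1/0/23", "GigabitEthernet0/3", IOS_NEW),
    "10.0.0.4": cdp_block("core", "10.0.0.1", "cisco WS-C6509", "GigabitEthernet0/1", "GigabitEthernet1/2", IOS_OLD)
              + cdp_block("access1", "10.0.0.2", "cisco WS-C3750", "GigabitEthernet0/3", "GigabitEthernet1/0/23", IOS_NEW)
              + cdp_block("access2", "10.0.0.3", "WS-C4006", "GigabitEthernet0/2", "3/1", CATOS),
}


def fake_run_cdp(ip):
    """Stand-in for a telnet/ssh session: return the device's CDP output or fail."""
    if ip not in FAKE_DEVICES:
        raise ConnectionError("cannot log in to %s" % ip)
    return FAKE_DEVICES[ip]


BLOCK_SEP = re.compile(r"^-{5,}\s*$", re.M)
FIELD = {
    "device": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.*?),\s*Capabilities:", re.M),
    "ports": re.compile(r"^Interface:\s*(\S+?),\s*Port ID \(outgoing port\):\s*(\S+)", re.M),
    "version": re.compile(r"^Version\s*:[ \t]*\n(.+)", re.M),
}


def classify_os(version_line):
    """Heuristic (an assumption of this example): IOS vs CatOS from the banner."""
    if "Cisco IOS" in version_line or "Internetwork Operating System" in version_line:
        return "ios"
    if "NmpSW" in version_line or "Catalyst Operating System" in version_line:
        return "catos"
    return "unknown"


def parse_cdp_detail(text):
    """Turn IOS-layout 'show cdp neighbor detail' output into one dict per neighbor."""
    neighbors = []
    for block in BLOCK_SEP.split(text):
        dev = FIELD["device"].search(block)
        if not dev:
            continue
        ip, ports = FIELD["ip"].search(block), FIELD["ports"].search(block)
        plat, ver = FIELD["platform"].search(block), FIELD["version"].search(block)
        neighbors.append({"device": dev.group(1), "ip": ip.group(1) if ip else None,
                          "local_if": ports.group(1) if ports else None,
                          "remote_if": ports.group(2) if ports else None,
                          "platform": plat.group(1) if plat else None,
                          "os": classify_os(ver.group(1) if ver else "")})
    return neighbors


def crawl(seed_ip, seed_name, run_cdp):
    """Breadth-first CDP walk. Returns (devices, edges): devices maps IP to
    {name, os, reachable}; edges lists (local, local_if, remote, remote_if)."""
    devices = {seed_ip: {"name": seed_name, "os": "unknown", "reachable": None}}
    edges, visited, queue = [], set(), deque([seed_ip])
    while queue:
        ip = queue.popleft()
        if ip in visited:               # the loop guard: never log in twice
            continue
        visited.add(ip)
        try:
            text = run_cdp(ip)
        except ConnectionError:         # record the device, but stop expanding here
            devices[ip]["reachable"] = False
            continue
        devices[ip]["reachable"] = True
        me = devices[ip]["name"]
        for n in parse_cdp_detail(text):
            edges.append((me, n["local_if"], n["device"], n["remote_if"]))
            if not n["ip"]:
                continue
            entry = devices.setdefault(n["ip"], {"name": n["device"], "os": "unknown", "reachable": None})
            if entry["os"] == "unknown":    # the seed learns its own OS from a neighbor's view
                entry["os"] = n["os"]
            if n["ip"] not in visited:
                queue.append(n["ip"])
    return devices, edges


if __name__ == "__main__":
    found, links = crawl("10.0.0.1", "core", fake_run_cdp)
    for ip, d in sorted(found.items()):
        print(ip, d)
    for link in links:
        print("%s %s -> %s %s" % link)
```

    Each adjacency is recorded from both ends, so a link between two reachable switches appears twice (once per direction); de-duplicating those into undirected edges, and adding a CatOS parser for the different column layout that platform prints, is the remaining work before this could draw a diagram.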

    Cingular

    My wife likes to lose cell phones; she has lost both of ours in the last year.  We are currently using old Samsungs that have been washed a few times (she also likes to wash phones) and barely work.  From what I have read on the internet, you can buy a cheap prepaid GoPhone from Cingular and pop your regular SIM card into it, and it should work just fine.  So I ordered a refurb Nokia 6030 for $30.00 delivered.  If this works out I may get the Samsung X507 to replace my old phone for $40.  This is better than buying a full-price phone from them, which would have been around $150 for a cheapo Nokia.  Of course I never would have bought a full-price phone from them; I would have picked up an unlocked one on eBay.

    XBOX 360 Dashboard Update

    Microsoft is going to be releasing an update for the 360 this May.  It will add Live Messenger integration (don't care, I am antisocial).  It will also add lots of features to the video playback functionality.  The release says it will include MPEG-4 and H.264 support.  I doubt that Xvid and DivX will work, though, as the release says that MPEG-4 support is only Simple Profile with 2-channel AAC.  Both DivX and Xvid require Advanced Simple Profile support.  Also, only 2-channel sound is disappointing.  I guess I will go forward with my plan of transcoding all my Xvid files to WMV with 5.1 sound; apparently Transcode360 supports this.  My PC is too slow for TVersity to do a decent-quality transcode; it will only keep up with 320x280, which doesn't look great on an HD TV.

    There are, however, some great features in this update, including low-power background downloading, a folder hierarchy for video content, bookmarking the last location of each video file played, switchable aspect ratio during video playback, and splitting all files into 10 "chapters" so that you can quickly skip around a file.  I will finally be able to organize my videos; searching through over 100 files looking for a Disney movie isn't fun.  I wonder if it will allow me to do shortcuts so I can do a more complete category sort with the same movie in multiple places?  Bookmarking is also huge, as I don't want to pause a movie and leave my XBOX on if I have to go do something.  The chapter split is OK and would have been a bigger deal if bookmarking wasn't included.

    VMware

    I love VMware.  I have transferred 8 servers onto 1 huge server (8-way, 2 quad-core CPUs, 16 GB of RAM).  The machine isn't even breaking a sweat.  I plan on moving a few more servers over, so around 12 when I am done.  These aren't heavily used servers or anything, but we have so many servers that pop up all over the place because people don't like to share.  VMware is the perfect solution: all they have to do is pay the OS license for Windows, or nothing for Linux.

    I also love VMware Converter.  It takes a physical machine and converts it into a VMware image.  I have transferred 3 physical servers and the users don't even know.  The other great feature is that you can individualize a VMware image using Sysprep.  I have a vanilla install of Server 2003 with all the patches installed that I created.  I then use VMware Converter to individualize the image, and now I can have a fully patched and ready-to-go 2003 server in 15 minutes!  I am also making a base image of Ubuntu and of CentOS.  Now the only thing left to do is figure out what to do with all the space in the racks when I am done, and what to do with all the old servers.  I vote lots of epoxy and make sculptures out of them to put out in front of IT.