Posts tagged ‘network’

Rogers’ DNS shenanigans: screwing with VPNs (and alternate servers)

While it may seem like all I write about these days is Rogers, it’s really the only thing I’ve been dealing with on the service provider front. All my other corporate relations have been going well: I pay people money and they provide a service without bothering me unduly. (I must congratulate the wireless business for their 6GB data plan extension and forthcoming reasonably priced data packages, although one could make the case that Telus and Bell really forced them into it.) This time, it’s about the Internet side of the equation.

Beginning July 18th, Rogers began implementing a provider-wide SiteFinder-style service, where users are redirected to a “search” page with sponsored results for mistyped and nonexistent domains. On a technical level, I fundamentally disagree with this change: it breaks the concept of NXDOMAIN (a useful “domain does not exist” response) and makes things much more difficult to troubleshoot with respect to network architecture. The only reason I haven’t bitched and whined about this much earlier is that I’ve been using OpenDNS for completely unrelated reasons. It was only when my roommate Alex complained about VPN connectivity that I actually looked into the issue.

It turns out that Rogers’ marketing effort completely bricks internal domain resolution for a lot of common VPN clients, including the default Windows XP offering. So if your company, like many others, has internal domains such as corpweb.example.com, Rogers’ search will open up with the terms “corpweb example” at the minimum. This practice has data exposure implications: not only does Rogers now know about an internal domain you’re trying to access, but a third party provider like Yahoo now knows.

If you were an employee of a competing search engine and trying to VPN from home, Yahoo would now know something about your internal network structure; this is bad news all around. Hitting a favourite or quick launch link to corpweb.example.com/livelink/llsapi.exe?doc=Network_Security_Breach_Sept0408.doc would reveal the choice of LiveLink as a corporate CMS, a dependence on Microsoft Word and a document detailing a potentially classified incident.

OpenDNS isn’t any better by default, either. They redirect search results and mistyped domains, and in the process intercept VPN traffic. To get around this, you have to create an account and blacklist corporate VPN connections from “helpful results” on a per-domain basis. The solution also involves downloading and maintaining a dynamic IP address update client, or setting a Tomato-enabled router to perform the same task.

What I’ve done for now is listened to the accurate advice on trevoro.ca and changed my primary Rogers DNS server to an unadvertised IP address: altdns.rnc.net.cable.rogers.com, or 64.71.255.202. This server seems reasonably quick for name resolution and returns proper responses when a domain is not found, allowing VPN software to resolve internal addresses.
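A quick way to test what a resolver actually does with a name that does not exist, as an added example that is not part of the original post: it builds a raw A query for a random label under a base domain, parses the reply, and reports whether the resolver returned a proper NXDOMAIN or rewrote it into an address (the SiteFinder-style behaviour described above). The two sample responses are constructed for offline use; `probe()` does a live lookup against whatever resolver IP you pass it.

```python
import random
import socket
import struct

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qid):
    # Header: id, flags (RD set), QDCOUNT=1; then an A-record question, class IN
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 1, 1)

def skip_name(data, off):
    # Step over a wire-format name, honouring compression pointers (0xC0 prefix)
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def parse_response(data):
    qid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4          # skip QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            answers.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0x000F, "answers": answers}

def classify(parsed):
    # RCODE 3 is NXDOMAIN; NOERROR plus an address for a name that cannot exist is a rewrite
    if parsed["rcode"] == 3:
        return "honest-nxdomain"
    if parsed["rcode"] == 0 and parsed["answers"]:
        return "rewritten"
    return "other"

def probe(resolver_ip, base="example.com", timeout=3.0):
    # Live check: ask the resolver about a random label under base that should not exist
    label = "".join(random.choices("abcdefghijklmnopqrstuvwxyz", k=16))
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(f"{label}.{base}", qid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    parsed = parse_response(data)
    assert parsed["id"] == qid, "response id does not match query"
    return classify(parsed)

# Constructed sample responses for offline testing (not captured from any real resolver)
QUESTION = encode_name("nonexistent-label.example.com") + struct.pack(">HH", 1, 1)
HONEST = struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
REWRITTEN = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
             + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10"))
```

Running `probe("64.71.255.202")` against the alternate server mentioned above shows whether it really returns NXDOMAIN; the check is only meaningful for names you are certain do not exist, which is why a random label is used.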

Vista SP1 and file copy changes

The big news today (well, yesterday by the time this goes live) was that Windows Vista SP1 had released to manufacturing. Annoyingly enough, this doesn’t mean it’s available for public download yet, and end users will have to wait until mid-March for Windows Update, or mid-April through Automatic Updates. I’ll keep my eye out for a validated copy from sources with access to the original MSDN files, because SP1 allegedly fixes some of the network copy issues I’ve been having recently.

As background, the network copy issues seem to involve Vista’s auto network tuning utility. I have a gigabit Ethernet connection between my Windows Home Server box and my primary Core2Quad system, and get about 40-50MB/s read speed without tweaking them using XP SP2 or Leopard clients. Vista, on the same Core2Quad and a 10K RPM Raptor drive, taps out at about 9MB/s and is often much slower than that, which is incredibly painful when working with 4+GB MKV files.

SP1 releases, at least with recent Microsoft products, have heralded new standards of stability and less crashiness. (SP2 really went above and beyond in fulfilling this role for XP, but it was an exception since it added additional security capabilities.)

The more interesting post of the day, though, is from Mark Russinovich’s blog in which he discusses the lower-level details of file copy operations. It’s definitely worth a read if you’re of the computer science mindset, and goes a long way to explaining some of the more intricate changes to Vista SP1.

Western Digital disables .avi, .mp3 sharing on external drives

From Boing Boing:

Western Digital is disabling sharing of any avi, divx, mp3, mpeg, and many other files on its network connected devices; due to unverifiable media license authentication.

The support page on the issue effectively notes that the ‘license authentication’ nonsense blocks any type of media from being accessed by anonymous share users.

I don’t own any WD external hard drives at present, but I’m sure as hell never getting one with these ridiculous restrictions, which look like they were penned by a third-world translator. I’ll stick with Seagate, who has decent pricing, good warranty service - and whose CEO is incredibly outspoken:

“Let’s face it, we’re not changing the world. We’re building a product that helps people buy more crap - and watch porn.”

Eclipse PDT - one of many useful work tools

Just checked out the Eclipse SVN site and apparently the issue with dashes in new PHP filenames has been resolved. I upgraded my work copy to the latest nightly build and things seem to be going well. (The October 1st integration build might be better stability-wise, but I’ve had good luck with the nightly builds.)

For the record, after the upgrade, loading my workspace took about five minutes (Core 2 Duo @ 2.16GHz, 1GB RAM) with no discernible progress bar or CPU activity. Eclipse effectively looks like it’s frozen. Be patient; it’ll load eventually.

PDT, though, is about the single most useful tool I find for PHP development at work. The next front-runner is WinSCP, which has a really neat feature, Keep remote directory up to date:

This feature lets you have complete synchronization between a remote SFTP server and your local Eclipse workspace. It also supports private-key authentication.

As a pair to WinSCP, I also use PuTTY, with anywhere from one to five sessions open at a time. PuTTY offers a neat tunnelling option, which I’ve mentioned before.

You can also access internal servers using one of these tunnels; for example, if I want to connect to a remote desktop session on host 192.168.1.101:3389 on my internal network, I’d use the following syntax:

Source port: 127.0.0.2:3389
Destination: 192.168.1.101:3389

Then, after establishing the SSH connection, using the 127.0.0.2 alias in Remote Desktop lets me connect to the machine behind the NAT traversal firewall.

Notepad++ is another program I highly recommend as a replacement for Notepad. If you can’t use TextMate because you’re not on a Mac, Notepad++ is an acceptable substitute. It offers some neat syntax highlighting features, and saves session history even when you exit.

Paint.NET is also a decent image editor, allowing you to verify hex values for colours and perform some minor tweaks to images without incurring the load time and aggravations in Photoshop.

BlackBerry in sync: how to synchronize contacts, calendars and tasks wirelessly

A puzzling problem lately arose when I was asked (through our consulting business) to find a better contacts, calendar and task synchronization solution for a BlackBerry device and Microsoft Outlook. Typically, large business and enterprise users have little issue with this problem, since BlackBerry Enterprise Server for Exchange, GroupWise or Domino takes care of the process. That’s not the case for individual, BlackBerry Internet Service users, who have to connect their device through USB and have the Desktop Manager software perform the synchronization.

This process is less than ideal for small business users, and cost is only one factor. (You can get a free copy of BlackBerry Enterprise Server Express for one user, which is expandable for up to fifteen users with additional client access licenses.) Unfortunately, it’s not just the software itself that users balk at paying for - you have to be running Exchange Server, Novell GroupWise or Lotus Domino as your backend email server, which can be a much more expensive proposition than BES itself. In my client’s case, they’re running a package called AltN MDaemon for Windows, which provides OWA-like functionality through a component called WorldClient. BES was not an option in this case.

Fortunately, MDaemon (through WorldClient) does support a standardized component called SyncML. Using this guide, I was able to provide the following solution:

  • The user account on the MDaemon server (userid@example.com) is accessed using the Outlook Connector component. This keeps all mail stored on the mail server, but also has the side effect of storing contacts, calendars and notes in IMAP-like format on the server as well.
  • Mail coming to the MDaemon server for userid@example.com is also forwarded (using mail rules/filters) to the BIS account - in this case, userid@example.blackberry.net.
  • The WorldClient and SyncML services are activated on the MDaemon server - for example, at http://mail.example.com:34567/.
  • Using a component called SyncJE installed on the BlackBerry device, contacts, calendars, and tasks are synchronized with the server copies. This synchronization can be done manually, to keep data usage in check - or automatically. SyncJE is a fifteen-day trial with a nag screen, and is $39.95 to purchase.
  • The following settings are used for SyncJE on the BlackBerry:

    URL: http://mail.example.com:34567/MDSyncML.dll (where mail.example.com:34567 is your WorldClient URL)
    Username: (the username for the MDaemon account)
    Password: (the password for the MDaemon account)
    Contacts Folder Name: contacts
    Calendar Folder Name: calendar
    Todo Folder Name: tasks

    The Zen Software site notes that “If you want to synchronise a Public Contacts, Calendar or Tasks folder instead then use the following format in the FolderName field instead:

    ./Public Folder/company.mail/Contacts”

While I can’t officially recommend this solution as the best option, it works well for my client’s needs, and may assist you with your own personal scheduling systems. For example, SyncML components may be available for your mail server, which would also work with SyncJE.

SharePoint/Project Server: almost the bane of my existence

It’s been about 20 days since I was last able to crank out a post for the site - I’ve started a few entries but haven’t been able to finish anything of substance.

Work has primarily been what’s on my mind. I’ve finished - or at least stabilized - a large custom application for my job, which has new heights of reliability and performance compared to something like SharePoint Server and Project Server 2007.

For reference: any of you tasked with implementing a Windows 2003 Server / IIS / SharePoint / Project Server installation should read the available documents and get some good books first. Then, plan to install it at least five times before you get the hang of it. Here are just a few things that could, or did, go wrong during my test implementation:

  • If a computer is not associated with a domain - just a workgroup - you’ll have to have some way of synchronizing usernames and passwords. This is acceptable if there are fewer than fifteen users, but if there’s a required password change every X number of days, then you’re looking at a serious problem.
  • Implementing anonymous surveys, regardless of all the articles indicating that this is indeed possible, means that you will suffer ongoing pain. Drawbacks include absolutely lousy support for anonymous users in SharePoint in general; Firefox will call up a domain login prompt regardless of your IIS anonymous access settings, and that’s just the tip of the iceberg. Want to replicate the worst problem on your own setup? Create a survey with a page break in between the questions. Not only is it a UI nightmare (“Next” versus “Save”), but I can guarantee you a few sparring rounds with the Permissions Page of Death - even in Internet Explorer.
  • Don’t migrate from a workgroup to a domain. Just start with a domain installation, even if it takes you through a maze of red tape to get a box connected. I was able to save a complete SharePoint content database, but Project Web Access is unforgiving if you decide to do such a migration. I couldn’t even log in once the process was complete.
  • You will need a beefy box to get started with this sort of thing. Plan for at least a two server deployment, with a dedicated SQL Server database box and a dedicated web frontend. In my experience, performance on a standalone system was unacceptable with even two simultaneous users. MediaWiki does a much better job running on lower-specced hardware.

Don’t get me wrong - SharePoint, when installed and running properly, is a really neat collaboration tool that supports wikis, discussion boards, and all other manner of accountable content. When adding the Project Web Access component, though, strap yourself in and prepare for a wild adventure of babysitting installation processes.

In personal news, I’m still running the RC1 build of Windows Home Server, which is actually a remarkably long time for me to run any particular OS. I’ve heard rumblings of possible releases, and I would like to move to the RTM version, but so far none of my sources have been forthcoming. One thing I’d like the ability to do is dedicate a larger partition size to my System drive, which was locked at 20GB when I installed the operating system. After a few installations, my Program Files directory looks like it needs to be relocated.

For the record, don’t attempt to install Steam to your D:\shares storage pool. You’ll get miscellaneous errors and it’s just not worth the hassle.

Hardware news? I recently bumped up to an Intel Core 2 Quad Q6600 with 4GB RAM for my main box, and added a Tuniq Tower 120 for cooling. The heatsink, besides being comparable with the “fins of death” passively cooling a Compaq Celeron 333 I once owned, is quite the nice addition and is currently allowing a 3GHz overclock with no issues. I still might need to tweak things a bit, but this guide at Anandtech was quite helpful getting the initial settings configured. As it stands, WinRAR absolutely flies when cranking out archives.

I think the biggest problem in my setup right now is the speed of disk access; Windows Home Server runs a drive rebalancing service in the background and often it seems like it’s kicking in at the least convenient moment. There’s an appreciable difference going from a 7200RPM Seagate Barracuda drive to a 10K RPM Western Digital Raptor. I’d like to see what running two Raptors in a RAID-0 configuration adds, but the drives are expensive enough that it’s not an idle experiment worth performing.

Edit: fixed some poor grammar.

Remote Desktop 2.0 for Mac - Universal Binary released

ArsTechnica writes that Remote Desktop for Mac 2.0 beta has finally been released. It’s now a Universal Binary, which means that it runs natively on Intel OS X systems, while consuming less RAM and picking up speed. Apparently this version will expire in March 2008, which means we’ll have to see another update before then.

I’ll be trying this first thing tonight, as my client of choice for a while now has been CoRD, which supports “tabbed” sessions for multiple connections.

SysAdmin Saturday: potential future upgrades and network changes

It’s “System Administration Saturday”, which is my new informal term for all the maintenance and hijinks required to maintain a stable home network and computing environment each week. I have a significantly overcomplicated LAN, but it’s necessary to maintain the concept of “access from anywhere” that I enjoy being able to use.

Along with the usual maintenance required during the week, one of the things I figure I should do is maintain a real-life changelog of what goes on so that I know what might’ve recently been changed. Today’s can be summarized as:

  • Enabled the jumbo frame setting on bender and monolith with a payload size of 9000 bytes. I’m still only seeing spikes of 20% usage on the gigabit Ethernet adapter from bender, but file transfers across the switch are slightly improved in speed.
  • Attempted another fix to the WRT54G v8’s port forwarding configuration to resolve FTP passive mode issues. No word on whether this has worked yet; if not, I’d be willing to bet there’s something odd with FileZilla Server requiring a reinstallation.
  • Resynchronized the bender dropbox and downloads folders to monolith. monolith’s disk space is sitting at 475GB free of 1.71TB total. There’s room in the box for one more internal SATA drive and one eSATA unit, but I’d need a new, reliable enclosure to put an eSATA disk into production.

Along with these changes, I’ve compiled a list of several potential new upgrades that would be “nice to have” items whenever I get a bit of spare cash:

Item                                                          | Timeframe/Rationale
------------------------------------------------------------- | ----------------------------------------------------
Additional 500GB SATA2 drive                                  | When space in server is below 200GB free
5-port gigabit Ethernet switch                                | One month; improve HD video streaming performance
24″ + widescreen monitor                                      | Eventually or when 21″ CRT dies
Download server replacement: needs PCI-Express Gigabit Ethernet | End of year; will likely be repurposed media center PC

Edit: Fixed table formatting to be less… wide.

Tunnelling through PuTTY to MySQL, using SQLyog

Let’s say you have a shared web hosting account on a random cheap provider, and the only way to access the MySQL server is to either connect from an SSH command line or use phpMyAdmin. While both of these options are okay, in some circumstances it’s not exactly wise to have a phpMyAdmin installation publicly accessible, as it lends itself to repeated brute-force attacks and is subject to server configuration changes. I know on my personal server, there have often been times that I’ve inadvertently left a phpMyAdmin installation wide open for anyone to monkey with the database.

I also enjoy using an application called SQLyog, which is a Windows GUI tool for managing MySQL databases. The Community Edition of the application has proven to be more than sufficient for my random projects, and I highly suggest anyone doing database work on Windows take a look at the application.

Using some details from this article, with an updated version of PuTTY, here’s how I go about configuring my local system to connect to a remote MySQL server:

Start PuTTY, define your connection settings and save them.

Navigate to the Connection / SSH / Tunnels view, and provide the following settings:

Source Port: 3306
Destination: localhost:3306
(This assumes you don’t have a MySQL server running on your local machine. If you do, change localhost:3306 to localhost:freeport, where freeport is the number of a free port on your workstation.)

Click the Add button, then save your connection settings. In the Forwarded Ports list, you should see L3306 localhost:3306.

Open the connection and sign in to the remote system.

Start SQLyog and define a connection to localhost:3306.

Your connection will be tunnelled through SSH to the remote server transparently. Make sure that you close SQLyog before you close the PuTTY tunnel.

Let me know how this works for your development situations - even if you have direct access to the MySQL server, you should still check out SQLyog for database development if you haven’t already tried it.
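A small pre-flight check for the two forwards described on this page (the L3306 localhost:3306 MySQL tunnel above, and the 127.0.0.2:3389 Remote Desktop forward from the Eclipse PDT post), as an added example that is not part of the original posts: it parses the entry exactly as PuTTY shows it in the Forwarded ports list, confirms the listen side stays on loopback, finds a spare “freeport” when 3306 is already taken locally, and tells you whether the tunnel is actually listening before you start SQLyog or Remote Desktop. It assumes PuTTY’s default of binding a forward without an explicit address to 127.0.0.1; the function names are my own.

```python
import ipaddress
import socket

def parse_forward(spec):
    # Accepts the format shown in PuTTY's Forwarded ports list, e.g. "L3306 localhost:3306"
    # or "L127.0.0.2:3389 192.168.1.101:3389"; only local (L) forwards are handled
    if not spec.startswith("L"):
        raise ValueError("only local forwards are handled here")
    src, dst = spec[1:].split()
    listen_host, listen_port = src.rsplit(":", 1) if ":" in src else ("127.0.0.1", src)
    dest_host, dest_port = dst.rsplit(":", 1)
    return {"listen_host": listen_host, "listen_port": int(listen_port),
            "dest_host": dest_host, "dest_port": int(dest_port)}

def listens_on_loopback(fwd):
    # A forward bound to a non-loopback address exposes the tunnel to the whole LAN
    host = fwd["listen_host"]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def port_is_free(port, host="127.0.0.1"):
    # True if nothing (such as a local MySQL server) already holds the listen port
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
            return True
        except OSError:
            return False

def find_free_port(host="127.0.0.1"):
    # Picks a "freeport" to use instead of 3306 when MySQL is already running locally
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]

def tunnel_is_up(fwd, timeout=1.0):
    # Confirms PuTTY is listening before the client (SQLyog, Remote Desktop) is started
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((fwd["listen_host"], fwd["listen_port"])) == 0

def check_forward(spec):
    # Returns a list of problems; an empty list means the forward is safe to bring up
    fwd = parse_forward(spec)
    problems = []
    if not listens_on_loopback(fwd):
        problems.append("listen address is not loopback")
    if not port_is_free(fwd["listen_port"], fwd["listen_host"]):
        problems.append(f"local port {fwd['listen_port']} already in use")
    return problems
```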

Networking adventures and roadmaps with a new TekSavvy DSL account

I figured that it might be a good idea to draw up a network diagram of my home setup in preparation for a DSL installation later this week. Since about January, I’ve been investigating alternate internet service providers, since there’s no way I can afford having a slow or disconnected Internet line. If Rogers decides to implement bandwidth throttling or caps, I want to make sure there’s a backup connection in case the 8Mbit Extreme line gets pulled or shaped.

I signed up for the 5MBit unlimited DSL package from TekSavvy; they’ve been getting incredibly good reviews on BroadbandReports (DSLReports) and they have technicians active in the forums all the time. I also decided to go with a guaranteed static IP address for the line, since they specifically don’t block any ports.

DSL Network Upgrade Diagram