Loving the Summer in New Zealand

As we’ve got our fair share of folks who have only recently come to New Zealand in our team at work, we were discussing the many and varied things that can be done to soak up the incredible sights of summer in our region.

One of our guys really enjoys the outdoors and suggested “Epic Little Missions” as a great site which has curated some nice walks in the great outdoors. Having lived in Auckland my whole life I’d never come across the site myself but I’ve done quite a few of the walks it recommends. Certainly one for us to refer back to when kids need to get outside and enjoy the incredible 3D graphics, resolution and realistic haptic feedback of the outside world.

Testing NAS speeds

So, recently I had reason to try bench-marking an off the shelf NAS server against an Opensource alternative and I wanted to ensure the tests would be as fair as possible (and quick to implement).

As an aside, I thought that because it has been literally YEARS since I’d publicly documented any of my IT related antics, that I’d post this in case it helps others trying to do something similar.

I settled on writing a quick and dirty batch script which would, from a hard wired LAN client, map network drives to the two devices and copy a 1GB file to each. Prerequisites were;

  • Use a 1GB binary file (as binaries are the predominate file type transported in the environment).
  • Windows 10 native applications/commands only
  • Be as ‘pure’ as possible in measuring the raw IO of the devices being tested
  • Measurement needs to be granular enough to determine which device was performing the fastest.
@ECHO OFF
REM This script creates drive mappings to NAS devices
REM A 1GB file is written to NAS each in turn and timings are recorded
REM ------------------------------------------------------------------

REM Setup NAS Drive Mappings

NET USE S: \\123.45.67.89\WritableShare /WRITETHROUGH /PERSISTENT:NO
ECHO Existing NAS Mapped to S:

NET USE T: \\123.45.67.90\WritableShare /WRITETHROUGH /PERSISTENT:NO
ECHO Existing NAS Mapped to T:

PAUSE
REM ------------------------------------------------------------------

ECHO Start Measure NAS-1 %Time% > C:\Users\myusername\Desktop\TestNAS_IO.log
ROBOCOPY C:\Users\myusername\Desktop\1GB S:\zTEST *
ECHO End Measure NAS-1 %Time% >> C:\Users\myusername\Desktop\TestNAS_IO.log

ECHO Start Measure NAS-2 %Time% >> C:\Users\myusername\Desktop\TestNAS_IO.log
ROBOCOPY C:\Users\myusername\Desktop\1GB T:\zTEST *
ECHO End Measure NAS-2 %Time% >> C:\Users\myusername\Desktop\TestNAS_IO.log

REM ------------------------------------------------------------------
Echo Destroying Drive Mappings
NET USE S: /DELETE
NET USE T: /DELETE

Pause

In the script above, we initially create drive mappings to writable shares on each of the two devices.

The switch /WRITETHROUGH is a new function in Windows 10 which forces writes to go from client to the destination without getting caught up in any Windows (or other in-the-middle) caching in-between. The same tests can be re-run omitting the /WRITETHROUGH during drive mapping to see what (if any) effect caching has on the file copy process.

On our test client, we have created a directory (labelled 1GB) in which we have downloaded our 1GB binary file.

Prior to initiating the copy (or, in this case ROBOCOPY) command, we write the current time to a log file stored on the Windows Desktop of the test client.

Finally, like any good script, we return the environment to its former state (by deleting the network shares) prior to exiting the batch file.

Looking at logs…

Looking at LogsI have recently had cause to pay a little more attention to the logs generated by my home firewall. While I use SARG for the day-to-day analysis, I needed a quick and easy command to fire at my squid logs to see what a particular device had been up to. This entry is by no means an exhaustive list, but it will serve as a handy reminder to me as to what I did to pull the data I needed to look at.
Continue reading “Looking at logs…”

pfSense: SARG Reports (v2.2.6 Update)

This post follows on from my (surprisingly popular) article “pfSense: SARG Reports Not Showing

After an update to v2.2.6-RELEASE I had re-inherited the same

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

error.

On jumping onto the firewall via SSH, it appears that, at some point the sarg-reports directory under /usr/pbi/sarg-amd64/local/ had been turned into a symbolic link (this may have happened via the reinstallation of packages following the update).

As such, any attempts to link /usr/local/sarg-reports to /usr/pbi/sarg-amd64/local/sarg-reports would result in;

/usr/local/sarg-reports: Too many levels of symbolic links.

Continue reading “pfSense: SARG Reports (v2.2.6 Update)”

Grabbing Video (back) from YouTube

Image Credit: Neuroventilator / Flickr
Image Credit: Neuroventilator / Flickr

Usual Disclaimers Apply: This guide should not be used to subvert copyright restrictions. Responsibility falls to the user to ensure they are not breaking the laws of the country in which they reside or breaching any restrictions placed on content published in, or on infrastructure where other jurisdictions and/or terms of service may apply. Ignorance is no defense*, if you don’t like the regulations as they stand, exercise your democratic rights and propose a solution for change. Continue reading “Grabbing Video (back) from YouTube”

CentOS 7 – CLI to GUI

CentOS7I’ve been playing with a few VMs as I try to figure out a new infrastructure for our office, and as part of this I’ve taken a particular shine to CentOS as a minimal build for my virtual servers. I then decided I wanted to get a few sandbox environments running with desktop software and, well.. that’s where the fun began!

After about twelvety-zillion restores from snapshots and reading, and forum trawling, and more restores, I think I’ve come up with a winning way to turn a humble CentOS 7 minimal build, booting to the lonely command prompt, into a bastion of desktoppy goodness. Hopefully this will be of use to someone else out there, if not – it will serve and a handy reminder to me as to what I did to get things running.

Continue reading “CentOS 7 – CLI to GUI”

pfSense: SARG Reports not showing

Image: Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

This appears to be a somewhat common problem with the more recent pfSense installations, when SARG reports are accessed ({Status} > {Sarg Reports} > [View Report] Tab) the UI responds with:

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

Edit: 02/01/2016 – After an update to v2.2.6-RELEASE I had re-inherited the same error, this time however, it was caused by symbolic link weirdness – See the fix here.

Some users have reported that changing options in the [General] tab, saving, then forcing a schedule has resolved this issue, I have not been so lucky, so the following is what I needed to do to fix things.

Continue reading “pfSense: SARG Reports not showing”

PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST

So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.

The status post that launched a thousand words...
The status post that launched a thousand words…

TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which works on all my devices and, coupled with a internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.

Continue reading “PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST”

UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading “UPnP – Why I don’t allow it on my Home Network”