WAN

Misguided security, episode 14

Dave Farquhar security, War Stories , ,

I was working in a data center, where we had a couple of Cisco VOIP phones. I don’t know who put them in or when–it’s possible they predated me. We never got them working, but nobody ever really tried, either.

The idea was that two guys working on servers in different datacenters across the WAN might need to talk. The reality was that we didn’t do that very often and usually had other ways to do it–a cellphone being the most obvious option. Our networking guys always had much more pressing issues than getting the VOIP phones working, so the phones just sat there and looked pretty. Until the wrong guy noticed them one day, that is.

Read more

How to clean viruses off other people’s systems safely

Dave Farquhar security, Viruses, Windows , , , , , , ,

What should you do when someone hands you a computer, tells you they think it has a virus, and asks you to clean it?

Proceed carefully, that’s what. You don’t want to infect your other computers with whatever it has.

To get it gone safely and effectively, you really need two things: an antivirus live CD, and a spare router.
Read more

How to secure your wi-fi router

Dave Farquhar Servers and Networking , , , , , , , , , ,

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

Read more

Meet Robocopy

Dave Farquhar Windows , , , ,

If you remember the days of DOS, you know the difference between COPY and XCOPY. For those times when XCOPY won’t cut it, there’s ROBOCOPY, part of the Windows resource kit.If you just need to sync up two directories, Robocopy does it happily. Type ROBOCOPY source destination, and it will happily copy new and changed files over, while leaving identical files alone. This can save lots of time.

ROBOCOPY.DOC will give you lots of tips and ideas for using the program.

I have to do a lot of work over a WAN, and sometimes the network conditions are less than optimal, to put it politely. By that I mean sometimes I get nostalgic for the 9600 bps modem I had in high school, because it was faster and more reliable. Robocopy will detect errors and retry, which is a huge help in these conditions.

One thing I do frequently is copy single large files. The documentation file isn’t very clear on how you do this, and the syntax is tricky. Here’s how to copy a single file between two servers or directories:

ROBOCOPY source destination file(s)

Here’s a line I use a lot, to shoot out new virus definitions to my management servers:

ROBOCOPY . "\\servername\c$\program files\symantec\symantec antivirus" *.xdb

This is just a glorified copy command, but if any part of it fails, it will retry until it works.

In the past I’ve also used Robocopy to move file shares when upgrading file servers. I’ll create the share on the new server, copy everything over, and then, in off hours the night before the cutover date, use Robocopy to sync them up. Here’s an example:

robocopy \\oldserver\accounting \\newserver\accounting /MIR

Of course, since Windows has had DFS for 8 years now, you’re using DFS for everything now, right? Of course not. So for the times when you have to replace a fileserver and migrating to DFS isn’t an option for whatever reason, Robocopy is your fastest and easiest option for a cutover.

Well, Episode III could have been worse…

Dave Farquhar General , , , ,

I went and saw Revenge of the Sith tonight. I can say it definitely felt good to see a Star Wars story in the theaters one last time. (This is supposed to be the last time, after all.)

What else can I say? They weren’t the atrocities the first two movies were. Overall I still don’t think it was any better than the originals, but I do think there was a lot of room for improvement. (Don’t worry, there won’t be any spoilers here.)Let’s talk about the good first. First and foremost this is an action movie, which is good, because action is what George Lucas does best. This is a fast-paced movie that doesn’t get bogged down in committees, which is good. If you want committees, you can watch CSPAN and it won’t cost you $8 all the time.

There are plenty of special effects here, but it seemed like Lucas tried to rely on special effects to make up for the shortcomings in the first two movies. There’s less of that in this one. I can’t think of a point in the movie that looked like special effects just for the sake of special effects. In a time when Pixar and Dreamworks SKG each release a movie a year featuring entire computer-generated worlds, that trick doesn’t work anymore, and it’s good that Lucas realized it.

Oh, and what about Jar Jar Binks? He makes a brief appearance, but it’s just a few seconds at most and he doesn’t say anything.

So what’s wrong with it?

Dialogue still isn’t Lucas’ strong point. It’s better this time than sometimes (at least someone asks "What’s the matter with you?" in this one; I remember an earlier movie having a line "What’s troubling you?" which just isn’t the way anyone talks) but the things people say still seem contrived, and at times it seems like the actors and actresses might as well be reading cue cards.

Examples? The most blatant examples surround the character of Anakin Skywalker (played by Hayden Christensen), of course. The movie centers around Christensen’s struggles. And that’s the problem. We don’t get to see him struggle so much. We see him cry, but that seems out of place. I feel safe in saying this, since I think everyone knows what happens to Anakin Skywalker, so I’ll say it: Would Darth Vader cry? No? So why is Anakin Skywalker, the 20something hotshot Jedi, crying? It’s out of character. So what does someone who can’t let his guard down but really wants to cry do? Unfortunately, you won’t find out by watching this movie.

Similarly, Natalie Portman’s talents are wasted on the character of Padme. There is no actress alive better suited to play the prodigy Padme. Padme would have been a lot better with more Natalie Portman pontifications and fewer George Lucas pontifications coming out of her. The relentlessness of Portman’s character from Garden State is missing. And at at least one point in the movie, she breaks Anakin Skywalker’s heart. Portman proved in the movie Closer that she can break a heart like nobody’s business. Had she been allowed to truly break the heart of Hayden Christensen and every male in the audience, it would have been a better movie.

Both Mace Windu (Samuel L. Jackson) and Obi-Wan Kenobi (Ewan McGregor) get very angry with Anakin Skywalker in this movie. At one point, Jackson says, "If you’re right, you’ve earned my trust." Inappropriate. Where’s the Samuel L. Jackson attitude? The cold stare? "You’ll earn my trust when you’re right!" is a good start. Of course in most movies, Jackson would include a couple of f-bombs and end the sentence with a word that starts with the letter "b." Especially if the person he’s talking to happens to be male. Lucas keeps that kind of language out of Star Wars, but Samuel L. Jackson can say those words with his tone of voice even without the actual words coming out. He should have been allowed to.

Ewan McGregor is similarly handcuffed. At the movie’s darkest hour, McGregor’s words don’t match his actions. McGregor sorely needed to drag back out some of the attitude he showed in Trainspotting.

The writing suffers also. Some of the characters are inconsistent. There are minor characters in the movie who seemed larger than life earlier in the movie, yet they died without a struggle. I understand needing to get on with the story, but had they died fighting, it would have been all the more tragic. And besides, had those stories been told, maybe then there would have been 30 seconds spent on the love story rather than 10 minutes.

Gatermann tells me there were some lame attempts at humor in the movie. I didn’t catch anything that even sounded like an attempt at humor. It’s not like this movie had bad actors in it, so this movie should have had its moments.

Kevin Smith compares the movie to Othello or Hamlet. Well, for some in my generation, I’m sure it is. But this movie isn’t going to be remembered much past my generation. My generation’s children will like it for a while because we dragged them along to go see it. But will it capture their imaginations the way it did ours nearly 30 years ago? No. Will it take a seat next to The Wizard of Oz, or Gone With the Wind? No.

And that’s what’s frustrating. George Lucas came up with a good story. He did his homework. All the elements are there. He studied his mythology and mimicked it well. His psychology seems pretty sound. And his characters, especially the key characters, are all very compelling.

This movie had all of the potential for greatness. Probably not Shakespearean greatness, but it had the potential to be the movie of the decade, and, like Anakin Skywalker, it just didn’t live up to it. It won’t even be the best movie to come out this year.

That observation does more to help me understand how Obi-Wan Kenobi felt than Ewan McGregor’s acting did. And that’s really a shame.

God cares about our concerns, even when we’re not brave enough to talk about them

Dave Farquhar Christianity , ,

Tomorrow night in Bible study, I’m going to cover Mark 5:21-41. Since I actually put some work into preparing and actually wrote something halfway substantial for probably the first time this year, I thought I’d share it here.
Special thanks go to Jeff King for inspiring this largely derivative study, and to God for using Jeff and his talents and insight to answer two simple prayers from last night.

Let’s let Mark start the story:

21When Jesus had again crossed over by boat to the other side of the lake, a large crowd gathered around him while he was by the lake. 22Then one of the synagogue rulers, named Jairus, came there. Seeing Jesus, he fell at his feet 23and pleaded earnestly with him, "My little daughter is dying. Please come and put your hands on her so that she will be healed and live."

Now remember, most of the religious leaders of the day didn’t have a whole lot of use for Jesus. And being a synagogue ruler in this day and age, he was in the upper crust. But on this day, He needed Jesus.

So this aristocrat comes up to Jesus and wants something from Him. Jesus had this big crowd around Him. Yet Jesus dropped that opportunity and went to help him. Even though Jesus had something else to do. And even though Jesus could have used this opportunity to teach the aristocrat a lesson.

The lesson for me: God does not have better things to do. God wants to hear my voice. Yours too.

And there’s a second lesson: God “teaching us a lesson” doesn’t necessarily have to be painful. Sometimes it is. But He prefers, as we’re about to find out, to be unbelievably kind and loving.

24So Jesus went with him. 25A large crowd followed and pressed around him.

The crowd expected something. I guess Jesus had a reputation. The hard question for me: Do I expect God to do something?

And a woman was there who had been subject to bleeding for twelve years. 26She had suffered a great deal under the care of many doctors and had spent all she had, yet instead of getting better she grew worse.

Anyone who made contact with this woman became ceremonially unclean. (See Leviticus 15-25-33.) She was an inconvenience. A nuissance. This woman lived in loneliness and isolation for 12 years. Not to mention the physical pain she must have suffered.

Now, I don’t know about anybody else, but I can handle pain. I deal a whole lot worse with loneliness. When I’m in pain and lonely, personally, it’s the loneliness that I want to go away. To me, 12 hours of it is more than enough, so I can’t even begin to imagine this poor woman’s plight.

27When she heard about Jesus, she came up behind him in the crowd and touched his cloak,

What I want to know is why this woman that nobody wanted to have anything to do with knew about Jesus. And that raises a question: Is there anyone in my life or yours who nobody wants to have anything to do with who needs to know about Jesus?

28because she thought, “If I just touch his clothes, I will be healed.”

This has always troubled me, because I’ve wondered whether this was faith or superstition. Faith is good. Superstition isn’t. But God knows faith when He sees it. Here’s a question: What had the power? The cloak, or Jesus? The answer is the difference between the two.

If you think I think there are a lot of superstitious Christians, you’re right. Take the Prayer of Jabez (please!): There is absolutely nothing special about the words, "enlarge my territory." Say that to me and I might give you a quarter if I have one and nobody else has asked me today. But if you say it to God, trusting in the power of God and not in some magic words, and it’s God’s will… then it’s something special. But wouldn’t God rather hear your own words?

Here’s something else that strikes me. She was afraid to just ask Him for what she wanted. Maybe she didn’t want to trouble Him. He was off to stop someone from dying, after all. He had something better to do, right?

Wrong, wrong, wrong, wrong, wrong, a million times plus infinity wrong. God isn’t like your overburdened unapproachable boss. God isn’t bound by the constraints of time. God always has time for you.

Is there anything that you’re afraid to ask God for?

29Immediately her bleeding stopped and she felt in her body that she was freed from her suffering.

Jesus healed her. Period. End of story. Right?

30At once Jesus realized that power had gone out from him. He turned around in the crowd and asked, "Who touched my clothes?"
31"You see the people crowding against you," his disciples answered, "and yet you can ask, ‘Who touched me?’ "
32But Jesus kept looking around to see who had done it.

I used to think Jesus was angry here. Maybe He was mad about her making Him physically unclean. Maybe He was mad about her being superstitious. Maybe He had some other reason. Now I believe differently. Of course Jesus knew who touched Him. He only asked because He wanted her to approach Him. Why? I don’t think Jesus was satisfied with healing just her physical ailment. We’ll see why in a second.

33Then the woman, knowing what had happened to her, came and fell at his feet and, trembling with fear, told him the whole truth.

She thought the same thing I used to think. She’s a genius! She agrees with me!

34He said to her, "Daughter, your faith has healed you. Go in peace and be freed from your suffering."

Look at what Jesus said. What word jumps out at you? The word that jumps out at me is "Daughter." "Daughter" is a loving word. It’s a special word. How special was it to Jesus? It’s the only recorded instance of Him using this word.

Now, if you’ll indulge my overanalysis for a minute: She’s in pain and she’s lonely. If she could get rid of her bleeding, then human contact suddenly becomes a possibility. Solve the root problem, and then she can see about finding some companionship. Maybe she had some relatives. Maybe she could make some friends. She didn’t dare ask Jesus to love her.

But what she wanted wasn’t nearly as important to Jesus as what she needed. Jesus didn’t dare keep on walking without telling her that He loved her.

The Eastern Orthodox church has a legend that this woman’s name was Veronica, and that she followed Him literally to His death. The legend says that when Jesus fell underneath the weight of the cross on His way to Calvary, Veronica reached out to Him and wiped the sweat, blood, and dirt off his face with a handkerchief as the soldiers seized Simon of Cyrene and made him carry Jesus’ cross the rest of the way. She was there for Him when His disciples had abandoned Him. It’s only a legend, but isn’t it a beautiful picture of a reaction to God’s love?

35While Jesus was still speaking, some men came from the house of Jairus, the synagogue ruler. "Your daughter is dead," they said. "Why bother the teacher any more?"

If “trouble” wan’t Jesus’ least favorite word before He was incarnated, it was by the time He died. Remember what I said before about God not being bound by the constraints of time? You’re not any trouble for Him.

36Ignoring what they said, Jesus told the synagogue ruler, "Don’t be afraid; just believe."

Faith is enough. The amount of faith doesn’t matter. The smallest possible amount of faith in the right thing–God–is more than enough.

37He did not let anyone follow him except Peter, James and John the brother of James.

Peter, James and John were Jesus’ inner circle. This was one of many things they alone were priveliged to see.

38When they came to the home of the synagogue ruler, Jesus saw a commotion, with people crying and wailing loudly. 39He went in and said to them, "Why all this commotion and wailing? The child is not dead but asleep."

As far as God is concerned, death and sleep are the same thing. Jesus wasn’t lying.

40But they laughed at him. 41After he put them all out,

God isn’t mocked. But Jesus didn’t punish them; He just gave them the same fate as the other 9 disciples: They had to wait outside.

he took the child’s father and mother and the disciples who were with him, and went in where the child was. He took her by the hand and said to her, "Talitha koum!" (which means, "Little girl, I say to you, get up!" ).

Look at some of the words here. Gently. Taking her by the hand. “Talitha” is an endearing way to say “little girl.” Jesus loved that girl.

42Immediately the girl stood up and walked around (she was twelve years old). At this they were completely astonished. 43He gave strict orders not to let anyone know about this, and told them to give her something to eat.

Let’s look at the two halves of verse 43. First half: Jesus didn’t want to be famous. Jesus wanted to help people. Jesus was the very embodiment of humility. This raises a tough question for me: How many times have I boasted about something God did, hoping that someone would think more highly of me simply because I happened to be there? Don’t we sometimes seem to be preoccupied with appearing to be spiritual powerhouses? I hope I’m the only one.

Second half: Jeff King, a friend of a friend, brought this one up. Do you see the parallel with verse 34? Jesus raised this girl from the dead, and once again, He wasn’t satisfied. First He’s concerned that she’s sick and in pain. Then He’s concerned that she’s dead–a valid concern, possibly. Did she believe before He raised her from the dead? Not likely. I’m sure she did afterward. So now that He’s healed her ailment and saved her soul, what’s He concerned about? He didn’t want her to be hungry.

God derives no pleasure from your hunger or mine. None.

I’ve asked a lot of questions tonight, but I want to ask one more. What have you been afraid to talk to God about?

Scripture taken from the HOLY BIBLE, NEW INTERNATIONAL VERSION®: NIV®. Copyright © 1973, 1978, 1984 by International Bible Society. Used by permission of Zondervan Publishing House. All rights reserved.

Fair use statement: NIV quotations are permitted without express written permission provided they are fewer than 500 verses, do not amount to an entire book of the Bible, and do not constitute more than 25% of the total text of the work.

Solving a perplexing slowdown problem

Dave Farquhar General , ,

Fixing an unexplainable slowdown. You may never see this. Yesterday I struggled for about 5 hours on a Win98 laptop that was incredibly sluggish. It would just pause for several minutes in the middle of anything, for no good reason. Open up Control Panel and wait. And wait. And wait. Finally the icons would show up. Open a new browser window, same thing. And almost any time an application had to open a new dialog box, you’d have to hurry up and wait.
I couldn’t find anything especially wrong with the configuration. I made some tweaks, sure–I always do–and that improved speed during those non-idle times, but it would still go catatonic on me. I downloaded WinTop and ran it so I could see what the CPU was doing. I found nothing unusual. The CPU was mostly idle.

“Gotta be a network problem,” I told our networking guy. So he went and grabbed his ultimate l337 h4x0r tool, a Micron laptop loaded down with Linux and packet sniffers and analyzers. He ran Ethereal and just watched. There was no weird network activity, and nothing particularly heavy. But we noticed the laptop was chatting away an awful lot with a server two T-1s and two routers away on our WAN, and sometimes it didn’t get a response. I pulled all of the shares on that server and every other reference I could find, but they just kept chattering.

Finally, on a reboot, I watched autoexec.bat roll by (I had the Windows splash screen turned off) and I noticed the suspicious path–that server’s UNC was in the path statement! And futhermore, C:Windows, C:WindowsSystem, and C:WindowsCommand were not! No wonder the system was running like garbage–it was looking for stuff two routers away before it looked in its own system directories!

When I removed that line and pulled a desktop shortcut that referred to that server, all was well.

One of the server-hosted apps we run requires that directory be in the path. If you have to do that sort of thing in a WAN environment, rather than adding lines to autoexec.bat, you’re much better off writing a batch file that does this:

path c:windows;c:windowssystem;c:windowscommand;[path to application on server] [command to execute application]

Then put that batch file on the desktop, instead of a shortcut directly to the app. That way, when your laptop road warriors are away, those changes won’t slow their laptops to a crawl. And the laptop won’t start trolling the network until after they’ve run that application once that day. Since networks are an order of magnitude slower than local hard drives, the system will run slightly better in the office as well. And remember when you construct your path statements, always put the system directories first, and application directories last, with local applications taking precedence over apps on network drives.