If You copy mboot.c32 from another XenServer version it will work flawlessly.

Hope this helps someone!

Drew

I feel that laziness is a virtue in System Administration so I created a image file that can PXE boot into DOS and handles the update automatically.

The file is here:

X9SCL BIOS Updater

I’ll assume that you already have a Linux based PXE setup; this is the command I use to call it with pxelinux:

label X9SCL
KERNEL other/memdisk
APPEND initrd=tools/c.img harddisk

Enjoy!

Recently I was tasked with building a high performance WordPress system for a user. I won’t bore you with all of the details but I will give you 1 tip that saved the day for me.

For whatever reason WordPress uses MySQL queries that write temporary tables, because these temporary tables include fields that cannot be cached/stored in memory; these temporary tables must be written to the hard disk. Anyone who has studied modern computer architecture knows that the largest bottleneck in any system is IO.

If you are running Linux You may have noticed in the past that newer Linux servers come with a partition called /dev/shm (or shared memory). This is essentially a ram disk (or storage in RAM) that your system provides to you to use (or not use) as you see fit.

You can verify that this partition exists by using the following command:

df –h

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      257G   42G  202G  18% /
/dev/sda1              99M   19M   75M  21% /boot
tmpfs                  12G  4.0K   12G   1% /dev/shm

If you see a tmpfs partition mounted on /dev/shm you are good to go.

If not your OS distribution may have named it something else, so check with the manual or contact me for more information.

If this partition exists, you can instruct MySQL to use it as storage for your temporary disk based tables by editing your MySQL configuration file (usually located in /etc/my.cnf) and adding this line:

tmpdir=/dev/shm

Then restart MySQL.

Using this one tip I was able to increase the performance of my WordPress server by over 500% and it was the most effective optimization I did in terms of performance gains. It was better than adding SAS disks in RAID-10 and other very expensive hardware upgrades.

I hope this helps you!

I had been hit by malware…

The first thing I noticed was UAC (User Account Control) confirmation boxes popping up asking me to allow ‘update.exe’ to run on my PC. I obviously told it not to allow this. I assumed it was over, and about 30 seconds later Vista Anti-Virus 2011 opened.

I must admit that my first response to this was embarrassment remembering how many times I had given my friends crap about installing suspicious software and clicking on dodgy links. In fact I had just helped my brother remove this exact same malware over the phone a week earlier. How in the world did this happen? My system has both McAfee Virus Scan Enterprise AND Forefront Client Security installed on it, and I had just upgraded to IE 9. I was completely astonished.

The embarrassment quickly faded and my second response was eradication, I had the malware completely destroyed in less than a minute. It had created two exe files that were marked as SYSTEM and HIDDEN (attrib –H –S to remove hidden and system attributes) and the process was showing up as ‘Steam’ in task manager.

Here are the complete steps I took to wipe this thing out.

1) CTRL-ALT-DEL, Start task manager.

2) Under processes kill the process.

3) Find the files.

4) attrib –H –S kho.exe

5) Delete the files.

Anytime your system is infected with Malware you can assume that there is going to be registry involvement, this case was no different. I opened up regedit and did a search for ‘kho.exe’. It turns out that the scumbags who wrote this software actually registered it as a shell handler for all exe files.

What this means is that every time Windows goes to launch an exe (executable file) it opens it with this malware, and the malware gets to decide what to do with the program. Which means it effectively disables your PC. I reset the modified registry key and everything was back to normal.

My third response was anger and that is mostly what this article focuses on.

In 2011, after all we have been through with the web and security how are things like this possible? How does the average person stand half a snowballs chance in hell of not becoming infected if the manager of a datacenter full of servers can’t even protect his PC? Internet Explorer 9, all updates installed, McAfee Antivirus Enterprise, Microsoft Forefront Client security all completely useless against the might of poorly written malware by criminals?

Seriously, Microsoft? This is the best you can come up with, after all this time? Why is it even possible for a program to install itself from Internet Explorer without any user confirmation? I understand that functionality and usability is a balancing act against security but what possible functionality and usability does this complete lack of sanity give the user in return?

Why is any of this even still possible?

-Drew

In an apparent raid coordinated between Microsoft and federal authorities yesterday (as the wall street journal first reported) one of the largest botnets in the world (known as “Rustock”) was shutdown. “Rustock” was believed to be in control of over one million infected PCs worldwide and responsible for more than a billion spam messages a day.

So if you notice that the spam in your inbox is a little lighter today than it was yesterday, You might just have Microsoft to thank.

-Drew

The Internet is oxygen for people going through crisis.

-Drew

This article explains how to quickly install and configure APF (Advanced Policy Firewall) for Linux.

These commands will install APF:

wget http://www.rfxn.com/downloads/apf-current.tar.gz
gzip -d apf-current.tar.gz
tar -xvf apf-current.tar
cd apf*
sh install.sh

Open the Configuration file:

nano /etc/apf/conf.apf

#To allow firewall to continue running
Change DEVEL_MODE="1" to DEVEL_MODE="0"
#To allow TCP Window Scaling
Change SYSCTL_TCP="1" to SYSCTL_TCP="0"

Modify:

IG_TCP_CPORTS="22"

and

IG_UDP_CPORTS=""

To include TCP and UDP ports you need open.

type ‘service apf start’ to start APF.

Note:

If you are running vsftpd you should configure vsftpd to use specific ports for PASV FTP and then allow those ports through the firewall as shown below.

pasv_enable=YES
pasv_max_port=9000
pasv_min_port=9050

In the above example PASV FTP will use ports 9000-9050 so you could specify that as 9000_9050 in the IG_TCP_CPORTS configuration in APF.

I hope this was useful to you.

The Intel DH55TC motherboard is the first board from Intel to use the new graphics component which makes it also the first inexpensive consumer LGA1156 motherboard from Intel to offer on-board video. In my work we are constantly looking for new boards we can use for cheap simple web servers and this board (and the Core i5 661) had a great deal of potential for this task.

We provision systems using pretty much every different version of Linux (and even some Virtualization technology) that one can imagine so I have created a little table to show compatibility. In order for an OS to be ‘compatible’ it must be able to be installed completely unattended over the network (PXE).

So you can see that most major distributions (shame on you Debian) make at least some kind of showing here. If you must have a 100% compatible LGA1156 motherboard the SuperMicro X8SIL is still the king.

-Drew

(network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D06C:PEM routines:PEM_read_bio:no start line /etc/sso/sso.pem

This issue can be fixed by:

[from ssh command line]

# cp /usr/local/psa/admin/conf/httpsd.pem /etc/sso/sso.pem

[restart httpd]

# service httpd restart

[start plesk]

# service psa start

-Drew

I have heard all of the arguments about why you need to run an insecure SIP gateway, your users are spread out, they all use different clients or IP phones, etc. These are the exact same arguments that were made for why organizations ran open SMTP relays. The fact is that there are thousands of infected hosts on the Internet right now looking for VoIP/SIP gateways which are exploitable and who’s fault is it if someone uses your SIP gateway without your permission? Yours.

There are all sorts of reasons why open SIP gateways are very valuable to criminals, they can make international phone calls to their buddies on your dime, they can use your system to run identity theft rings, they can sell phone service to their “customers” which ultimately use your system, and all sorts of other things which will cost you big.

So before you decide to jump into 2005 and put your phone system on the Internet, consider the ramifications and the lessons from the past. As bad as open SMTP relays were/are, they are nothing compared to the trouble which will be caused by the trend of open SIP proxies if it continues.

-Drew