Blog

Retiring Windows Home Server 2011

I’ve been planning to do this for a while, Windows Home Server in a post-Cloud world is causing more problems than it’s solving now. With my documents and other files being kept in OneDrive/Google Drive and the prevalence of streaming services reducing the need for large local libraries of media I’ve decided it’s finally time to retire my Windows Home Server. That’s not to say I’m not going to re-purpose my hardware or get rid of the media library I have but it’s definitely due an upgrade.

I have a couple of options open to me, the first and most likely route I’ll go down is installing a hypervisor on the server and create VMs as necessary to cover the services that I will actually miss from home server (mostly it’ll be media streaming for the existing library I have and web access to the server remotely). Secondly I could install Windows 10 on the hardware, present the disks that are currently a RAID 5 volume (LSI Raid Card) as JBOD and use Storage Spaces to protect the data. The latter option feels a little like Disk Pools did back in the original Windows Home Server so it is somewhat tempting. Finally, I could install a Windows Server product, Essentials most probably, and customise that to my needs.

Updates soon!

Mini-ITX Gaming Rig – Part 2

Continuing on from my last post then, all parts had arrived by Tuesday therefore that evening was build time. All in the build took about four hours, most of that time spent trying out the Corsair H60 in various mount points to see which would be the best fit. It turns out the first one, with the radiator and fan mounted on the rear is the best.

bitfenix Prodigy

Despite my concerns about the AX750 fitting the case it seems fine to me. So long as you’re careful with your cable routing you’ll do little damage to the cables. You do need to push pretty hard to get it in there though as the sleeving on the cables makes the whole thing less pliable. A lot of modding forums show people using the individually sleeved cables you can buy separately but I didn’t particularly want to spend an extra £50 for the pleasure.

AX750 installed
AX750 installed

The build went as expected once I had decided where I was to put the radiator. I did have an OCZ Vertex 2 60GB SSD in my old machine that I intended to use for the system drive until I could upgrade to a Crucial M4 but it turns out that drive is dead. Unfortunately it’s also out of warranty now so in the bin it went.

Unfortunately the only other drive I had was the 500GB Seagate Momentus XT Hybrid which has been gathering dust since I RMA’d it last year. So for now it’s running with a 120GB partition which I’ll move to the new SSD in a few weeks.

Windows 8 installed quickly but I got the system stuck slightly by installing the latest Nvidia driver before Windows had finished properly installing the WDDM drivers which resulted in a screen just flashing on and off repeatedly. Booting in to Windows 8 recovery and “refreshing” the install fixed that, and it was finally done.

 

System Details
System Details

The WEI score is so low because of the hybrid. Default settings for RAM and CPU score at 8.4 and the GTX 460 scores at 7.3. Ultimately these numbers are fairly meaningless but they are a handy quick benchmark.

On Wednesday I decided to do some overclocking, for now just to test the H60’s capabilities. First impressions are that it’s excellent for such a small radiator, though the overclocks I tried were not exactly extreme.

Using an application called CoreTemp I monitored the temps inside the CPU while trying several overclock speeds. In a default configuration the i7 3770K idles somewhere between 20°C and 30°C, my first instinct was that this wasn’t great but Ivy Bridge runs a little hotter than Sandy Bridge. Stressing the CPU using Prime85 shows the quality of the H60 (remember this is a default configuration in a small form factor using the lowest end of the Corair H series of liquid coolers), temps max out at about 55°C.

The first overclock was gentle, pushing the CPU to 4.1GHz, at 100% load the temps were 58-59°C with occasional hits up to 62/63°C still well within tolerances. So time to up it some more, 4.4GHz at 100% load and the temps remained very close to the 4.1GHz overclock, excellent performance from the cooler.

Before resetting back to default, which I plan to run the system at for a little while before applying an overclock, I decided to use the software supplied by Asus and apply the “Extreme” overclocking to see what it would do. It put the CPU up to 4.6GHz in a heartbeat, it tested as stable so I left it at that and stressed it. 100% load was hitting 70°C +/- 4°C again an excellent performance from the H60.

I’m pretty happy with the build. Still some improvements to make though before I’m completely happy. As is always the way with these types of projects!

Mini-ITX Gaming Rig – Part 1

My main desktop computer died some time last year (in fact so long ago I can’t actually remember when!). Since then I’ve been relying on my laptop which has done admirably considering its age – coming up for four years. Obviously then there was no impetus for me to replace the desktop, until a colleague at work and I started discussing our ideal builds. Well builds that we can afford that is.

Where my colleagues build was based on a Full Tower case (the CM Storm Trooper) I was opting for a much smaller but hopefully equally as powerful a system. Here’s my final kit list.

  • BitFenix Prodigy
  • Asus P8Z77-I Deluxe
  • Intel i7 3770K
  • Corsair H60 Liquid Cooling Kit
  • Corsair Vengeance 16GB (2 x 8GB) DDR3 1600MHz CL10 LP
  • Gigabyte GTX 460*
  • 60GB OCZ Vertex 2*
  • 500GB Seagate Momentus XT
  • Corsair AX750 PSU
  • LG BD-ROM/DVDRW*

* These items were rescued from my previous system, I plan to upgrade the SSD to a Crucial M4 and the Graphics Card to a GTX 680

I have most of the parts for the build but I’m still waiting on the case and the liquid cooling kit. In the mean time I’ve been successfully freaking myself out by reading about the failure rates of the various components I’ve purchased. To be honest the only one that is still on my mind is the Power Supply. I take solace in the statistic I read yesterday that Corsair ship in the region of 150,000 power supplies per month meaning the number of failures discussed online is more likely just a reflection on the sheer number of units sold rather than something fundamentally wrong with the hardware.

How to reset web console password of a LifeSize Video Conference unit

Searching for this online to resolve a problem with one of these units proved fruitless so I decided to throw this up here for reference and perhaps it will help someone else out in need. The unit in question is a LifeSize Team MP.

  1. SSH to IP or hostname of the unit
  2. Login as
    auto

    using password

    lifesize
  3. Reset the password using the command
    set admin password 12345

    The password can be anything of 0-9 * and # and is truncated if greater than 16 characters

Full reference for the command line interface can be found here on the LifeSize website.

Web Security

With almost six months since my last post you may have been fooled in to thinking this blog had died a death. The truth is I’ve just been really busy at work and still am but I had to post about this subject as its really starting to get on my nerves.

Web security, or rather your informations security on the web, is something everyone should be concerned with at all times and yet the majority of my friends not in the tech industry couldn’t give a crap. I’ve witnessed passwords shared across multiple services, passwords written down with the web address and username, passwords as simple as password. It’s all very frustrating when trying to explain why these things are bad to these friends as they have no idea of the scale of the threat.

Up until recently the threat was not actually that widespread, sites being compromised as little as two years ago were usually small communities that impacted relatively small numbers of users. Then LulzSec and Anonymous came along and ostensibly attacked sites they were protesting against but also raising awareness of tools that can be used to attack websites and networks.

The chaos that has ensued was easy to largely ignore until consumer networks starting getting hit.

Some examples:

  • Playstation Network is brought down, millions of users personal details are stolen.
  • Gawker Media network of websites is attacked, I discover that two of my email addresses were used in accounts I did not sign up for
  • Facebook account lists and passwords are published
  • my web host DreamHost has its account directory service compromised meaning they have to change passwords on every FTP account
  • This week alone LinkedIn has 6.5 million accounts published online and now there are reports of last.fm being compromised

What is at risk then?

Name, Address, Job History, Email Address, Password, Credit card information, date of birth. On their own most of these things aren’t a big deal (credit card info is a big deal!) combine them and you have everything you’d need to steal an identity. If you get in to someone’s primary mailbox you have their life!

When these attacks happen the sites tell you to change your password and reiterate that you should use different passwords on different web sites. It’s not enough. It has been the standard advice for as long as I can remember on the web and has been ignored equally as long. The password as we know it is not secure.

What are the alternatives though? Some sites have multi-factor authentication, usually this means a small keyring sized device is assigned to your account, using pre-defined algorithms on the device and on the authentication server you enter the verification code on the devices screen as well as your password to log in. This is something more recently being offloaded to smartphones making it vastly more accessible to your average user. It means to login you need to remember something (your password) and have something (the smartphone or token device). It does increase security but at the cost of convenience.

Other sites rely on the authentication of OAuth or OpenID vendors like Google, Yahoo, Facebook or Twitter. Not ideal either, these vendors may be better protected from threats but they are constant targets!

We need to rethink our approach to web security as an industry or these attacks will only increase in frequency and severity, my advice is to enable multi-factor authentication on every site you use that offers it, keep all your passwords different (try the advice of this xkcd comic to help you pick memorable passwords), change them frequently and maybe one day there will be a method of authentication that we can trust again.

Office 15

Office 15, the next iteration of Office, has been made available to selected partners via the Technical Preview program.

That in itself is fairly unremarkable (for more info read the official announcement on the Office Blog) but there is something in the blog that seems to have gone widely un-noticed by most places.

“With Office 15, for the first time ever, we will simultaneously update our cloud services, servers, and mobile and PC clients for Office, Office 365, Exchange, SharePoint, Lync, Project, and Visio.”

This means that presumably this year (though no evidence of a release date anywhere) there will be an update to their entire Office product line and their supporting server applications, so Exchange, SharePoint, Lync Servers 2012? I’m not sure if this is brave, clever or really stupid. Time will tell I suppose. In the mean time I’m pretty keen to get my hands on the product, here’s hoping the Preview is open to a wider audience soon!

Planning 30th birthday celebrations

In September I’ll be 30. It’s a milestone for most people and so myself and a group of seven friends (four of who are also 30 this year) have decided that to celebrate we shall take a trip in October – it falls pretty much in the middle of all our birthdays, and a number of them are Teachers.

After quite literally months of debate and a vote (using proportional representation to tally the winner – everyone had to choose three locations) we decided on Barcelona.

Flights are booked, and I’m really looking forward to it now.

20120124-223756.jpg

Cisco AnyConnect, OS X and Firefox

When I started work at brightsolid one of the tasks given (or rather one of the tasks I gave myself) was to get the Cisco AnyConnect client working on OS X.

The symptoms are not very helpful in diagnosing the issue, the error you get will be something like “posture assessment failed”. Fortunately Cisco provide an excellent logging tool known as DART (Diagnostic and Reporting Tool). Looking through the DART bundle it was pretty clear that the firewall was rejecting the connection attempt due to a missing user certificate.

On Windows you just need a certificate (issued by a CA that the firewall trusts) installed to the users Personal certificate store.

On OS X adding the certificate to the keychain made no difference. I’m still not 100% sure why but I suspect Apple changed the way certificates worked between major releases and Cisco never got around to fixing it. I do plan to talk to Cisco about this issue at some point so I will post an answer once I have one.

The workaround, which I discovered by looking through the DART logs, was to add the user certificate to the certificate store in Firefox.

Further testing has revealed that it only works for Firefox 3.X anything newer and AnyConnect fails in the same way.

Currently then OS X users with AnyConnect version 2 or newer will need Firefox 3 installed too.

If anyone out there has any further information about this I’d love to learn more or get a permanent fix that doesn’t rely on old browsers!

20111023-224834.jpg

EDIT: I’ve found that this may be a policy setting on the firewall, despite having been assured this has been checked you can force OSX clients to not check the Keychain for certificates. There may be a way to override this locally so I’ll be trying that first then will look at the firewall config again.

Problem with Personal Hotspot on iOS 5

Having a busy week since upgrading to the iPhone 4S I hadn’t thought to test everything I had before the upgrade. The most important things worked so it wasn’t a big deal. That was until yesterday when I tried to use Personal Hotspot with my iPad.

It was epic fail, the option was gone. I don’t just mean it was off in the options it didn’t exist in the options.

I called O2 and they were less than helpful. I gave up on them and hung up.

Later I figured I’d try a network reset, this did the trick. Everything is now working as expected.

To do a network reset open Settings > General > Reset then choose Reset Network Settings. The device will reboot and can take a few minutes to reconnect to the network. You will also need to re-associate your device with any wifi networks you had setup.

20111022-204233.jpg

Home Server Rebuild 2011

This post has been pending for a long while, I finished rebuilding my home server in May. It went pretty smoothly but there were some hiccups along the way, some doubt in the products I had bought and so on.

All turned good in the end though.

The setup is as follows:

The build went pretty smoothly as I’ve already mentioned, the biggest upheaval was the realisation that the exact model of 2TB drive I had bought from Samsung had a firmware problem causing data loss in some specific circumstances, bad times! So I had to flash the 4 brand new drives before the build could start.

From here the build was smooth, motherboard, cpu, memory, and storage controller in to the case everything looked good. Then when mounting the drives I noticed a problem, the storage controller would touch the bottom of the drive chassis just a no more. Worried about shorting something or causing some other damage I insulated the edge of the storage controller with some electrical tape.

Hardware all built it was time to configure, the plan was 2 x 1TB drives in a RAID 1 set using the motherboards built in storage controller, this would be the system drive and host client backups (2 PCs and 1 Mac), and 4 x 2TB drives in a RAID 5 set using the 3Ware storage controller for the main file shares.

Partitions were therefore setup as follows:

  • 60GB system partition
  • 871GB for client backups
  • 5.45TB for file shares

OS install took about an hour, some config changes needed to be made to move the backups to the partition I wanted, and the media shares to the largest partition. Once this was done it was time to start copying data, it took a couple of days to complete and that was it. I ran the WHS connector installer on all clients running into another problem, it wouldn’t install on my MacBook Pro (it still won’t but that’s an aside they’ve not updated it for Lion yet).

And that’s it. I’ve been running it now since completion with problems occurring only once when I think it had overheated which brings me back to what I said at the beginning about doubt in the products I had bought.

Specifically the Fractal Design case. Once ordered I started worrying about airflow and heat, the drives are tightly packed together and there’s only one case fan on the rear so it was a real concern. I am still watching it closely using SpeedFan but so far so good.