Aug 28 2014

Hope this saves someone some time:  RDP was not listening on TCP 3389 on a new server build.  Followed the standard troubleshooting (verify registry, re-create RDP listener, etc). When showing hidden devices in device manager, tdtcp (tdtcp.sys) was not enabled.  NIC is HP373i (Broadcom), but the tdtcp driver would not load until after I installed the HP Network Configuration Utility (NCU)  + reboot.  Tip your waitress.

Aug 26 2014

Merely as a thought experiment (I like SCOM and Nagios both), if one were to implement Nagios [Icinga, et al.] to cover the same functionality as SCOM, what would be the quickest and surest way?

SCOM and Nagios both do nothing on their own — they’re just frameworks for collecting data and deciding whether it meets the criteria to alert or report on.  SCOM without Management Packs is like Nagios without plugins: useless.  The most important part of monitoring is knowing what you want to monitor, but the documentation for hardware and software isn’t generally very specific.  “Monitor the event logs for stuff with Red by them” isn’t useful.  SNMP MIBs without any corresponding declaration of ‘normal’ are a start, but not a good one.  It’s time-consuming to start from scratch (even from “Best Practices” whitepapers) and try to figure out what to monitor, what’s normal, and what the severity is when things aren’t normal.

The best documentation for monitoring Microsoft products (or anything with a SCOM management pack) is the management pack itself.  Load up a SCOM console (an eval copy works fine), download the free MPViewer utility, download the management pack(s) you need, install them, then open MPViewer and view the management pack contents.  Discovery is much more difficult with Nagios (an exercise for the reader), but if you’re looking for monitors and rules for 90% of use cases (event log IDs, service status, perfmon counters, network status), it’s pretty trivial to convert them to NSClient++/NSCP checks.   Someone savvy enough could probably automate a great deal of it, though I bet Microsoft’s lawyers might object….
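Added sketch of that conversion (not part of the post, and not how any SCOM or NSClient++ tool does it): it reads a simplified, constructed stand-in for a management pack and emits one NSClient++ check line per unit monitor. The real MP schema wraps the event ID and log name in XPath expressions, and the check_eventlog/check_service/check_pdh argument syntax assumed here is NSClient++ 0.4.x-style; adjust both to what MPViewer and your NSCP version actually show.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified stand-in for a SCOM management pack (the real schema wraps
# these values in XPath expressions and data source modules); one monitor of each of
# the three common kinds the post names.
SAMPLE_MP = """<ManagementPack>
  <Monitoring><Monitors>
    <UnitMonitor ID="Demo.DNS.EventLog" TypeID="Windows!Microsoft.Windows.SingleEventLogManualReset2StateMonitorType">
      <Configuration><LogName>DNS Server</LogName><EventDisplayNumber>4015</EventDisplayNumber></Configuration>
    </UnitMonitor>
    <UnitMonitor ID="Demo.DNS.Service" TypeID="Windows!Microsoft.Windows.CheckNTServiceStateMonitorType">
      <Configuration><ServiceName>DNS</ServiceName></Configuration>
    </UnitMonitor>
    <UnitMonitor ID="Demo.OS.CPU" TypeID="Perf!System.Performance.ConsecutiveSamplesThreshold">
      <Configuration><ObjectName>Processor</ObjectName><CounterName>% Processor Time</CounterName>
        <InstanceName>_Total</InstanceName><Threshold>95</Threshold></Configuration>
    </UnitMonitor>
  </Monitors></Monitoring>
</ManagementPack>"""


def _text(cfg, tag):
    return (cfg.findtext(tag) or "").strip() if cfg is not None else ""


def mp_to_nscp(mp_xml):
    """Map each UnitMonitor to an NSClient++ check line (0.4.x-style argument syntax, assumed).
    Returns [(monitor_id, check_line_or_None)]; None marks a type this sketch does not handle."""
    checks = []
    for mon in ET.fromstring(mp_xml).iter("UnitMonitor"):
        mid, typ, cfg = mon.get("ID"), mon.get("TypeID", ""), mon.find("Configuration")
        if "EventLog" in typ:
            check = 'check_eventlog "file=%s" "filter=id = %s" "warn=count > 0"' % (
                _text(cfg, "LogName"), _text(cfg, "EventDisplayNumber"))
        elif "NTServiceState" in typ:
            check = 'check_service "service=%s"' % _text(cfg, "ServiceName")
        elif "Performance" in typ:
            counter = "\\%s(%s)\\%s" % (_text(cfg, "ObjectName"), _text(cfg, "InstanceName"), _text(cfg, "CounterName"))
            check = 'check_pdh "counter=%s" "crit=value > %s"' % (counter, _text(cfg, "Threshold"))
        else:
            check = None                      # e.g. script-based monitors: convert by hand
        checks.append((mid, check))
    return checks
```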

Heartbleed

Apr 13 2014

My WordPress installation sent me an email this morning, saying I was the only person with a blog who hadn’t written about heartbleed, and I only have one thing to add, really.

Heartbleed describes a bug in OpenSSL, most succinctly explained by the xkcd “Heartbleed Explanation” comic.  It’s a routine programming bug, but the incomprehensible aspect is that the OpenSSL authors actively worked around the system malloc and rolled their own, making you vulnerable that much faster (“exploit mitigation countermeasures”).  Other bugs that have been logged for years are presumably being reviewed.  Nothing new to add there.
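Added illustration (not from the post, and a Python stand-in rather than OpenSSL’s C): the heartbeat length handling before and after the 1.0.1g fix, side by side. The buffer MEMORY is constructed here; the request at its front claims a 60-byte payload although only 21 bytes were received, and the “secret” behind it stands in for whatever the process last left in that memory.

```python
import struct

# Constructed: one chunk of reused memory. The peer's heartbeat request (type 1,
# claimed payload length 60, 2-byte payload "hi", 16 bytes padding) sits at the front;
# the bytes after it stand in for whatever the process left there earlier.
RECORD_LEN = 1 + 2 + 2 + 16
MEMORY = bytearray(
    b"\x01" + struct.pack(">H", 60) + b"hi" + b"\x00" * 16
    + b"...session key: hunter2 <secret>..." + b"\x00" * 32
)


def heartbeat_vulnerable(mem, record_len):
    """Pre-1.0.1g logic: believe the length field and echo that many bytes back."""
    payload_len = struct.unpack(">H", mem[1:3])[0]
    # record_len is never consulted, so the copy runs past the received bytes
    return bytes(mem[3:3 + payload_len])


def heartbeat_fixed(mem, record_len):
    """1.0.1g logic: drop the request unless the claimed payload fits inside it."""
    if record_len < 1 + 2 + 16:                 # too short even for an empty payload
        return None
    payload_len = struct.unpack(">H", mem[1:3])[0]
    if 1 + 2 + payload_len + 16 > record_len:   # the Heartbleed check
        return None
    return bytes(mem[3:3 + payload_len])


def demo():
    """Returns (bytes leaked by the old code, response from the fixed code)."""
    return heartbeat_vulnerable(MEMORY, RECORD_LEN), heartbeat_fixed(MEMORY, RECORD_LEN)
```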

But I say that critical infrastructure exploits should all have better names, though ‘heartbleed’ isn’t bad — a heartbeat function that bleeds information.  But instead of rolling your own, or going by generic CVE entries, we should pre-allocate alphabetical names, like they do for hurricanes.  Except I’d name them after waitresses, not just generic female names.  So, instead of ‘heartbleed’ we’d start with ‘Amanda.’

  • Amanda (one of my favorite waitresses)
  • Betty (I don’t know a waitress named Betty, but I imagine she’d be really good).
  • Chelsea (who isn’t a waitress any more; she’s a parole officer).
  • Dotty (Like Betty, I don’t know a waitress named Dotty.  I bet Dotty’s a good waitress, but not as good as Betty).
  • and so on.

Everyone could have action plans and themed PowerPoint templates ready.  Next critical infrastructure bug?  Pull out the “Torie” slides, and Bob’s your uncle.  That’s all I have to say.  Thanks.

Mar 07 2014

SCCM 2007 report to show patch status details per Update List and Collection.  You can get here by drilling down 4 reports deep, individually, for hundreds or thousands of your servers, or you can just run this, throw it into Excel, and filter and munge at will.  Much faster.


-- Shows all patch status details, given an Update List and a Collection. Export it to Excel and monkey with it there.
-- Based off of the stock "Compliance 1 - Overall Compliance" report.

DECLARE @AuthListLocalID AS INT
SELECT @AuthListLocalID = CI_ID
  FROM v_AuthListInfo
 WHERE CI_UniqueID = @AuthListID

SELECT
    fcm.Name,
    ps.UpdateID,
    ps.ID,
    ps.Title,
    ps.QNumbers,
    ps.LastStatusMessageIDName,
    ps.LastStateName,
    ps.AgentInstallDate,
    v_UpdateInfo.DatePosted  AS UpdateDateReleased,
    v_UpdateInfo.DateRevised AS UpdateDateRevised,
    v_UpdateInfo.InfoURL     AS UpdateInfoURL,
    v_UpdateInfo.Description AS UpdateDescription
FROM v_UpdateInfo
    INNER JOIN v_GS_PatchStatusEx AS ps ON v_UpdateInfo.CI_UniqueID = ps.UniqueUpdateID
    INNER JOIN v_FullCollectionMembership AS fcm ON ps.ResourceID = fcm.ResourceID
    INNER JOIN v_CIRelation AS cir ON cir.ToCIID = v_UpdateInfo.CI_ID
    INNER JOIN (v_CICategories_All
        INNER JOIN v_CategoryInfo
            ON v_CICategories_All.CategoryInstance_UniqueID = v_CategoryInfo.CategoryInstance_UniqueID
           AND v_CategoryInfo.CategoryTypeName = 'Company')
        ON v_CICategories_All.CI_ID = v_UpdateInfo.CI_ID
WHERE fcm.CollectionID = @CollID
  AND ps.AgentInstallDate IS NULL -- this shows errors only. Comment it out for reports on installed updates.
  AND cir.FromCIID = @AuthListLocalID
  AND cir.RelationType = 1
ORDER BY fcm.Name

-----------
-- Create two prompts, for Update List and Collection
--
-- AuthListID
-- Update List ID (Required)
begin
    if (@__filterwildcard = '')
        select distinct CI_UniqueID as AuthListID, Title as Title from v_AuthListInfo order by Title
    else
        select distinct CI_UniqueID as AuthListID, Title as Title from v_AuthListInfo
         where ((CI_UniqueID like @__filterwildcard) or (Title like @__filterwildcard))
         order by Title
end
-------
-- CollID
-- Collection ID (Required)
begin
    if (@__filterwildcard = '')
        select CollectionID as CollectionID, Name as CollectionName from v_Collection order by Name
    else
        select CollectionID as CollectionID, Name as CollectionName from v_Collection
         where CollectionID like @__filterwildcard or Name like @__filterwildcard
         order by Name
end

Mar 17 2013

UPDATE: Disk Cleanup Wizard addon lets users delete outdated Windows updates on Windows 7 SP1 or Windows Server 2008 R2 SP1 (KB2852386)

I picked up an HP t5740e thin client off eBay, as I had deployed some at a prior job.  Windows Embedded Standard 7 (32-bit), with 2GB RAM and 4GB flash.  Set it up the way I want it, re-enable the write filter, and Bob’s your uncle.   But the default HP build includes components that take up a lot of space and that I have no need for — namely, the text-to-speech components, the natural language components, and the SAT performance tests (sample movies).

While logged in as Administrator, with the write filter disabled:

dism /online /Get-Packages

You’ll get a list of all packages installed in the running image. Find the ones you want to delete. Then delete them. Reboot.

dism /online /Get-Packages

dism /online /Get-PackageInfo /packagename:WinEmb-Natural-Language~31bf3856ad364e35~x86~~6.1.7601.17514

dism /online /Remove-Package /PackageName:WinEmb-Accessibility~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Natural-Language~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Speech-LP-ENU~31bf3856ad364e35~x86~~6.1.7600.16385
dism /online /Remove-Package /PackageName:WinEmb-Speech~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Diagnostics-Performance~31bf3856ad364e35~x86~~6.1.7601.17514
Mar 11 2012

DISCLAIMER – I DON’T DO C. And my Perl isn’t great, either.

I routinely browse the openbsd-cvs mailing list, and I saw this easy openbsd-cvs bug fix (“Fix a stupid bug in tcpdump print-bgp.c“) the other night when doing some really late-night, partial-involvement sysadmin work.  So I decided to pass the time (“stay awake”) by doing a regex exercise to find similar patterns in the OpenBSD source tree.


Aug 22 2011

On UNIX, it’s simple to delete matching files in a directory, over a certain age (e.g., all .txt files over 2 days old):

find /some/directory -type f -ctime +2 -name \*.txt -exec rm -f '{}' \;

On Windows, it’s ridiculously complicated.  Here’s a PowerShell script, modified from somewhere….:

$a = @(Get-ChildItem 'C:\Temp\subdir\*' -Include *.txt)   # @() so a single match still has a .Count
if ($a.Count -gt 0) {                                      # was -gt 1, which skipped the one-file case
    foreach ($x in $a) {
        $y = ((Get-Date) - $x.CreationTime).Days           # age in whole days
        if ($y -gt 7 -and $x.PSIsContainer -ne $True) {    # older than 7 days, and not a directory
            #$x.Delete()  # uncomment here to delete
            Write-Host $x
        }
    }
}

May 08 2011

File:  squid.zip

Miscellany.  Overview diagram in Visio and PNG.  adzapper postmatch.  squid examples to redirect based on source IP.  squid tee.  Wiki squid/adzapper template.  Wiki template for Java client config file (you’d be surprised how many people don’t know about it…).

Mar 11 2011

Here’s the quickest way I’ve found to produce good versions of certain types of technical diagrams.  You can export them to SVG or EPS and use them in most anything.

Protocol Diagrams (packet diagrams): use the LaTeX bytefield package.  It’s easy.

Sequence Diagrams: use Mscgen.  Easier than Graphviz on this.

Graphs (general): use Graphviz. And the Perl module generally makes life easier.

State Diagrams: use Graphviz, or Tikz.  Tikz is intimidating, but state diagrams are simple enough.

General drawing: try Inkscape, and don’t forget OpenClipArt.org.

My Password

Feb 25 2011

It’s terrible practice, I know, but my password is the name of my dog.  My dog’s name is H^7a(;tQ.

UPDATE:  I’m being notified by various systems that my dog’s name doesn’t meet the minimum name length, so I have renamed my dog to Y05!z[2@,*HUps%3.  If it weren’t for the number and special character requirements, I had planned to just name him the Diceware passphrase ‘doublespadeambiguouslactationconsultant’.

Feb 06 2011

Here’s how to use Perl and libpcap to process a capture file offline.  This particular example parses RDP cookies….

# ./watch_rdp_cookies.pl session.cap
192.168.0.93:46890:192.168.0.88:3389:mstshash=corp\jaso
192.168.0.93:46890:192.168.0.88:3389:0
192.168.0.93:49469:192.168.0.89:3389:msts=1493215424.15629.0000(192.168.0.89:3389)
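
Added Python counterpart to what the output above shows (not the post’s Perl script): it takes the TCP payload of the first packet of an RDP connection, an X.224 Connection Request inside a TPKT frame, and pulls out the “Cookie: mstshash=” username or the “Cookie: msts=” routing token, formatting one line the way the script does. The routing-token decoding (IPv4 as a little-endian integer, port byte-swapped) is my reading of the third output line; pulling TCP payloads out of the capture file is left to whatever pcap reader you use. The two request PDUs are constructed here.

```python
import socket
import struct


def parse_rdp_cookie(payload):
    """Return the cookie or routing token carried in an X.224 Connection Request
    (TPKT-framed), or None if the payload is not a CR or carries no cookie."""
    if len(payload) < 11 or payload[0] != 0x03:          # TPKT version byte
        return None
    tpkt_len = struct.unpack(">H", payload[2:4])[0]
    li, code = payload[4], payload[5]                     # X.224 length indicator, PDU code
    if tpkt_len > len(payload) or 5 + li > len(payload) or code & 0xF0 != 0xE0:
        return None                                       # truncated, or not a Connection Request
    var = payload[11:5 + li]                              # after the 6 fixed X.224 header bytes
    end = var.find(b"\r\n")
    if not var.startswith(b"Cookie: ") or end < 0:
        return None
    return var[8:end].decode("latin-1")


def decode_routing_token(token):
    """'msts=<ipv4 as little-endian u32>.<port, byte-swapped>.0000' -> 'ip:port'."""
    ip_raw, port_raw = (int(x) for x in token[5:].split(".")[:2])
    ip = socket.inet_ntoa(struct.pack("<I", ip_raw))
    port = struct.unpack("<H", struct.pack(">H", port_raw))[0]
    return "%s:%d" % (ip, port)


def describe(src, sport, dst, dport, payload):
    """One line in the script's output format: src:sport:dst:dport:cookie (0 when none)."""
    cookie = parse_rdp_cookie(payload)
    if cookie is None:
        return "%s:%d:%s:%d:0" % (src, sport, dst, dport)
    if cookie.startswith("msts="):
        cookie += "(%s)" % decode_routing_token(cookie)   # show where the load balancer sends it
    return "%s:%d:%s:%d:%s" % (src, sport, dst, dport, cookie)


def build_cr(cookie_line):
    """Constructed input: TPKT + X.224 Connection Request carrying cookie_line, then an rdpNegReq."""
    x224 = b"\xe0\x00\x00\x00\x00\x00" + cookie_line + b"\x01\x00\x08\x00\x03\x00\x00\x00"
    pdu = bytes([len(x224)]) + x224
    return b"\x03\x00" + struct.pack(">H", 4 + len(pdu)) + pdu


if __name__ == "__main__":
    print(describe("192.168.0.93", 46890, "192.168.0.88", 3389, build_cr(b"Cookie: mstshash=corp\\jaso\r\n")))
    print(describe("192.168.0.93", 49469, "192.168.0.89", 3389, build_cr(b"Cookie: msts=1493215424.15629.0000\r\n")))
```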
