Tuesday, December 22, 2009

How to breed life in an old laptop

My older Acer TravelMate laptop was getting so slow, I decided a few weeks ago to change it for a a flashy HP with Windows 7.

I still use it from time to time. Like right now. But I was still faced with a clunker that took at least 7 minutes to boot up and be usable, with the hard disk spinning endlessly. 7 minutes! I tried all the Remove-Windows-Rot advice I found, and uninstalled every piece of software I didn't use, then ran all sorts of Crap-Cleaners and Page-File-Optimizers and Disk-Defragmenters. Nothing worked.

I finally decided to:
1. Upgrade my memory to the maximum I could
2. When 1 didn't proove to be satisfying, I reinstalled Windows.

1. Memory Upgrade
I wanted to update from 512Mb to 2Gb, which is the maximum the laptop can hold. I looked on eBay but, what do you know, 1Gb SODIMMs are more expensive than the new stuff (especially when you add the shipping costs). Newegg.ca had cheaper memory modules than eBay, which happened to be brand new, completely legit and under warranty, so I went with them. I ended up buying two modules from G.Skill. I didn't know this company, but apparently they're well known in the gamer and overclocker scene. They actually manufacture their own ICs. I installed them, ran Memtest86+ and everything went well.

2. Reinstall from Scratch
Even with 2Gb or RAM, the rot was still there, with the hard disk being abused like what Jason Scott would call a "drunk cheerleader dropped in the exercise yard of a prison". I went down from 7 minutes to 4 minutes, and that still was unacceptable. I was fed up, so I simply booted off the Recovery CDs (yes, I DO have them!), and went through the pain of visiting Windows Update 8 times, rebooting each time. Total time: 4 hours, but it was worth it. I didn't install NOTHING else on the laptop except the vanilla Windows XP. To prevent crapping my registry, I decided that all add-ons will come from PortableApps.com. Bloatware like Adobe Reader and Quicktime, move away please - you're not welcome on my vanilla PC.

I now have a Laptop which, while not good enough to handle Youtube HD channels, is workable enough to boot in less than two minutes and offer a completely sane Windows XPerience.

If anyone has suggestions, send them in. I would like to know what you do on your side to prevent Windows Rot.

O.

Understanding Insight Remote Support

Here is an update to my "Understanding Insight Remote Support" (formerly "Understanding RSP Components") flow diagram. This one removes OSEM from the picture, which means that there is one less tool to worry about, and adds generic SNMP devices to the mix:


Note that this diagram only shows devices I'm familiar with. If you have any comments, I'll be glad to modify it.

O.

WEBES 5.6 update 1 is out

WEBES 5.6 update 1 has been released recently. It is required to support new hardware, namely the behemoth AMD-based Proliant DL785. Users interested in learning more can take a look at this document which explains what 5.6 and 5.6U1 are all about -- from what I understand, users who have not voluntarily upgraded to 5.6 yet are still at 5.5 and will be updated once RSP 5.40 comes out in early 2010.

For current 5.6 users, the minor update was silently pushed through the RSSWM last week-end and at my site, the upgrade went flawlessly.

I noticed that a bug that was plaguing me since 5.5 has finally disappeared, when you click in the managed systems list on an Integrity/HP-UX Server, the interface now gets back with the info panel instead of timing out.

O.

Friday, December 18, 2009

The outcome doesn't look that good for both HP-UX and Integrity

First of all, we have Brian Cox's blog recent post comparing what he thinks of HP-UX and Linux. Read it here:
http://www.communities.hp.com/online/blogs/musings-on-mcc/archive/2009/12/16/linux-vs-unix-shouldn-t-they-be-equals.aspx

Here is a quote:
Similarly, if you asked me to choose between HP-UX and Linux for a customer’s most demanding workload, I would typically recommend HP-UX. However, if my customers’ time horizon is five years from now, then I would seriously consider Linux (by the way, you could replace OpenVMS for HP-UX and Windows for Linux in the above comparison and I would give you a similar answer).

I've met Brian personally last year, and he's a level-headed guy. Preferences for a platform versus another aside, what he says here makes sense on both a business and technical perspective.

Then, around the same time, rumors pop up indicating that Red Hat will be canceling their Itanium port:
http://www.theregister.co.uk/2009/12/18/redhat_rhel6_itanium_dead/

What will the future be for HP-UX and Integrity? Red Hat apparently abandoning ia64, with Novell being unsure if they'll continue, are especially bad news for BCS. That leaves us with one less operating system for the Integrity line, and it turns out it's one that Cox suggested potential mission critical customers should investigate if planning for 5 years down the road. The outcome for the excellent Integrity line doesn't look that good.

As far as I'm concerned, as a current HP-UX / Integrity customer, it's business as usual for now and will be for a few years to come. We're starting to renew our systems next year and this won't change our plans. But I think it is time to seriously plan my long-term strategy for post 2015.

O.

Wednesday, December 9, 2009

Performing a chmod on a symbolic link

On HP-UX, symbolic links cannot have their permissions changed. When doing a chmod on a symbolic link, the chmod operation is performed on the file it references.

A little background information is in order. When a symbolic link is created, it sets its permissions depending on the current umask. So if you have a umask set to 027, it will create a link like this:
# umask 027
# ln -s /stand/vmunix /tmp/link1
# ls -al /tmp/link1
lrwxr-x--- 1 root sys 13 Dec 9 14:50 /tmp/link1 -> /stand/vmunix

While a very restrictive umask such as 777 will do this:
# umask 777
# ln -s /stand/vmunix /tmp/link1
# ls -la /tmp/link1
l--------- 1 root sys 13 Dec 9 14:50 /tmp/link1 -> /stand/vmunix

So what do you do if someone created a bunch of symbolic links with a umask of 000, and you have scattered symlinks that look like they're world-writable files?

The technical answer would be to ignore them. As most file operations except the link()-related apply to the file referenced by the symbolic link itself, I do not think this is a security problem. But of course, when you're being scrutinized by a security auditor, explanations like this one often don't have any merit. It's less hassle to just satisfy whatever the auditor wants, and correct these symbolic links.

The problem arises when you notice that chmod doesn't work on a symbolic link. And this isn't specific to HP-UX; Linux doesn't allow this either, but I found that FreeBSD has a "-h" option to chmod that addresses the issue. How can you fix that?

The only solution I found by looking into the ITRC forums is to delete the symlink, and re-create it with an appropriate umask. This can be done really quickly but the process won't be atomic so I can't garantee this will be completely unnoticed by your applications.

Here is a short script I've written named lchmod which will ease the operation:

#!/bin/sh
if [ "${1}" = "" -o "${2}" = "" ]
then
echo "Usage: lchmod "
return 1
fi
umask=${1}
symlink=${2}

if [ ! -h ${symlink} ]
then
echo "Symlink '${symlink}' does not exist"
return 1
fi
destination=$(/bin/ls -l ${symlink} | sed 's/.*-> //g')
umask ${umask}
rm ${symlink}
ln -s ${destination} ${symlink}


Say you've got this link:
# ls -la /tmp/link3
lrwxrwxrwx 1 root sys 13 Dec 9 14:59 /tmp/link3 -> /stand/vmunix

Simply run lchmod like this and the link will be recreated with a umask set to 027:
# lchmod 027 /tmp/link3
# ls -al /tmp/link3
lrwxr-x--- 1 root sys 13 Dec 9 15:00 /tmp/link3 -> /stand/vmunix*

O.

Using USB dongles with ESX-based virtual machines

The post where I mentioned how I made a pool of external fax modems work with ESX guests using a Digi PortServer has proven to be one of the most popular of my blog.

Recently, I've been faced with a similar challenge: Is it possible to virtualize Windows servers which host software that requires a copy protection USB dongle? The answer is yes!

Since I was a happy camper with the PortServers, I once again checked what Digi had to offer and found their AnywhereUSB line of network-enabled USB hubs. Simply put, these devices work like this: The hub has a LAN port, and you can use it to access USB devices through your LAN. You simply need to add a special driver to your Windows server that will "fake" a local USB port, while in fact it redirects the traffic to the remote hub. This works flawlessly with physical servers and most importantly VMs, and you can VMotion them around at will.

Digi has written a concise whitepaper that describes how to connect the Anywhere USB to VMware ESX guests here: http://www.digi.com/pdf/wp_ESXServer_AnywhereUSB.pdf. The setup is done within a matter of minutes.

The 2-port version, according to Digi's online store has a list price of 287$USD while the 5-port version is 349$USD.

But whatever you do, don't do the same mistake I did and buy a 5-port hub, thinking that each independent port can be shared among multiple servers in the same manner like Digi's serial servers can - I found out that the Anywhere USB can be connected to only one server at the time. The whitepaper above claims that you can have "multiple USB hubs per virtual machine", but don't confuse this with "multiple virtual machines per USB hub". I don't think the 5-port version is very useful for many cases unless you need to plug a lot of devices on the same VM.

Also, remember that the hub only has a 100Mb/s connection and will downgrade USB 2.0 devices to work at USB 1.1 speed. This is fine for many cases such as with a dongle, but any use requiring a high-performance data rate will be better served by using a physical server.

The fact that you can't share the hub with multiple VMs is a serious design limitation that will require you to deploy a lot of these devices if you ever need to virtualize dozens of servers that use dongles. The 287$ cost for each VM has to be considered in this context, but compared to having to install and manage a physical server, this is as cheap as it can get.

O.

Update Dec 10th 2009: I found another product that is a lot cheaper than Digi's. While it would do the job in a SOHO environment, it's built by a vendor that I wouldn't trust for enterprise systems. At 287$, better buy yourself peace of mind, and especially long-term support.

Sunday, December 6, 2009

When something doesn't work...

Here is my definition of something that "doesn't work": It is a product you try before you buy (or, if you're unlucky, you buy outright) and you're not able to use it.

When I buy computer peripherals for my personal use at home, usually the cheaper, the better. And even though they're engineered overseas and poorly translated, they almost always work.

Then why in hell are there many instances where I've seen enterprise software and hardware that does not work when I try it? This is plain nonsense.

Recently I've been trying an OTP solution and, geez, it looks like the manufacturer did *everything* to discourage me from buying their product. Yet I feel compelled to do it as a favour to my team, because it looks like Corporate IT chose this for the VPN access and I don't want my personnel to end up with two different tokens from two different vendors.

I won't go as far as saying the product itself sucks. But its marketing sure as hell does. I won't give out details or name that vendor right now. It's better to give myself some time to vent. But I'm slowly getting pissed and, guess what, I don't like wasting my time.

O.

Tuesday, December 1, 2009

Moving physical extents within a PV

A new pvmove feature appeared in 11.31 which lets you move physical extents within a PV. This can be very useful to move PEs to make space for a LV which has a contiguous allocation policy such as the swap LV, /stand or /.

To use this, simply specify a start range and end range, and tell pvmove to move a range of extents within the same PV.

Example:

root@bonyeune[~]# pvmove /dev/disk/disk21_p2:00736-01248 /dev/disk/disk21_p2
Transferring logical extents of logical volume "/dev/vg00/lvol3"...
Transferring logical extents of logical volume "/dev/vg00/lvol4"...
Transferring logical extents of logical volume "/dev/vg00/lvol5"...
Transferring logical extents of logical volume "/dev/vg00/lvol6"...
Physical volume "/dev/disk/disk21_p2" has been successfully moved.
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf

In the previous example, I moved a range of 512 PEs from #736 to #1248 further inside the same PV. This freed up PEs between 736 to 1248.

Is it possible to move around a LV with a contiguous policy using this technique? To my surprise, I tried it, and it the answer seems to yes. But there are some limitations. I'll need to set up a VM to be able to experiment further. There are other interesting commands such as "pvmove -n" which lets you move a whole LV without needing to specify PEs like above. I'll make a better post once I've had to time to try it out.

O.