Category Archives: common knowledge

How to change a (domain) password on a Windows 2012 server

Security

When you are logged on to a Windows 2012 server through an RDP session that itself runs inside another RDP session from an Apple laptop, changing the password can be a challenge, especially if the account on this 2012 machine is not the same as the one on the machine you used to connect to it (try saying that sentence 5 times in a row).

So you’re logged on to a Windows 2012 server and you need to change the password of the actual account you’re using at that moment.

Click on the Windows flag in the lower left of the screen and type this PowerShell command:

Powershell -noprofile -nologo -noninteractive -command "(new-object -ComObject shell.application).WindowsSecurity()"

It doesn’t look pretty, but since I cannot find any alternative, it’s the best I can do.

It works!

Uptime defined, or what is uptime exactly?

Five nines

You often hear vendors mentioning their system has five 9s of uptime, but what exactly is uptime?

Some define uptime only for their own specific piece of technology. For example, a storage array with five 9s uptime can only tolerate 5 minutes and 15 seconds of downtime per year, but if your network vendor also has a five 9s uptime specification, and so do your power company, your data center, your internet provider and a whole lot of other components… do the math!


The “Internet Of Things”, or simply IoT, what’s it good for?

Internet of Things

Internet Of Things, the IoT

We’ve all heard the hype about the IoT, the Internet Of Things, but is it really a hype? Back in the dark ages (the 90s), a company called Novell already claimed that coffee machines and refrigerators would be equipped with a mini OS and an IP address, so automatic ordering systems could make sure you always have specific foods (or beer) in your fridge.

But at the same time the world was running low on IP addresses, so actually providing all these electronic devices with a unique address was a challenge. The solution was IPv6 which provides a few more addresses than IPv4 does.


Why securing devices using your fingerprint is not safe

fingerprint

Think about it: fingerprints are unique. Everybody has them and every one of them is unique, so it’s a secure way to prove your identity, right?

WRONG!

We all thought that passwords were easily hackable, if not by guessing, then by brute force attacks. And we all know the “difficult” passwords: P@$$w0rd123 and 3AsyD03s1T. As if hackers are stupid! They’re not! Believe it or not, but these so-called encrypted, but still “readable” passwords are easy to guess, just like your dog’s name and your mother’s birthday. I mean, a dog’s name is Bello, Spot, Rex, Fluffy or a dozen other names and as for birthdays: we only have to try every date since 1-1-1900, which is roughly only 115 x 365 = 42,000 dates to try.


Tracking the FREAK Attack

Now what? Yet another vulnerability exposed?

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.

At the moment it seems that only Firefox is safe to use! And needless to say, you should ALWAYS be aware of unsafe content. Try not to click anywhere unless you really trust the website!!!

The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at freakattack@umich.edu.

For additional details about the attack and its implications, see this post by Matt Green, this site by the discoverers, this Washington Post article, and this post by Ed Felten.

Please visit this website to find out more about the vulnerability of your browser or website: https://freakattack.com/

 

Source: https://freakattack.com/

Enhance your WiFi by using beer!

Beer can WiFi booster

Bad WiFi reception

Bad WiFi reception is one of the most common annoyances these days, especially in residential areas where every house has at least 1 access point and each family is working hard to fill the ether with their own signals. A quick fix can solve this problem relatively easily by using an empty beer can (a soda can also works).

The aluminum of an empty beer can can enhance the WiFi signal significantly. You could buy an expensive repeater, but a beer can is immensely cheaper (and is more fun to get too). Our good friend YouTube shows us this instructional video.

Step by step

  1. Go to the supermarket
  2. Buy (at least) 1 can of beer (a premium brand will do better than some random cheap brand)
  3. Empty the can (never throw the beer in the sink! Drinking is the preferred method!)
  4. Clean the inside of the can by flushing it with some water
  5. You will need a knife or scissors to open up the can and some material to fix the empty can to your router
  6. Remove the lid used to open the can
  7. Cut off the bottom of the can
  8. Cut off the top of the can, leaving a small piece near the old drinking opening
  9. Cut the can from top to bottom at the opposite side from the drinking opening
  10. Carefully bend the metal so it (sort of) looks like a satellite dish
  11. Place the brand new dish shaped beer can on your access point, by sticking the antenna through the old drinking opening
  12. Fix the “dish” so it doesn’t fall off

steps

This little trick should enhance the signal strength by a factor of 2 or 3. This only works for access points equipped with an external antenna. For antenna-less models you could try creating a somewhat larger dish and placing the whole access point on the bigger dish, but I don’t guarantee this works. You could for example use a keg, but I doubt that you can cut it by using scissors 😉

 

The Science of ‘Interstellar’ Explained

Warning: SPOILER ALERT! This infographic contains details about the new space film “Interstellar.”

The film “Interstellar” relies on real science for many of its stunning visuals. Physicist Kip Thorne, an expert on black holes and wormholes, provided the math that the special effects artists turned into movie magic.

The spaceship Endurance’s destination is Gargantua, a fictional supermassive black hole with a mass 100 million times that of the sun. It lies 10 billion light-years from Earth and is orbited by several planets. Gargantua rotates at an astounding 99.8 percent of the speed of light.


The endless discussion about binary versus decimal prefixes – GB vs GiB

I already wrote about this twice:

  1. My first blog post about the issue
  2. My second blog post

And to fire up the discussion once again, I found another link on the IEC website: http://www.iec.ch/si/binary.htm

Remember that scientists want to be very precise about their findings, and writing G means there are 1,000,000,000 of whatever they were measuring. If they wanted to switch to counting in binary, they would either switch to using 0s and 1s or use binary prefixes like Gi, Mi, Pi and Ki.

So once again:

  • 1 kB = 1,000 Bytes
  • 1 KiB = 1,024 Bytes
  • 1 GB = 1,000,000,000 Bytes
  • 1 GiB = 1,024 x 1,024 x 1,024 Bytes

 

Spread the word. Please!

Are my EMC products affected by the bleeding heart SSL bug?

Bleeding heart

It’s been all over the news this week:

Heartbleed OpenSSL bug

OpenSSL versions 1.0.1 through 1.0.1f as well as 1.0.2-beta1 are reported to be vulnerable to the Heartbeat vulnerability.

Due to a missing bounds check in OpenSSL's handling of the TLS heartbeat extension, a maximum of 64 KiB of memory can be revealed to a connected client or server. This may allow an unauthenticated, remote attacker to gain access to sensitive information such as private keys, login passwords, and encryption keys (the so-called Secret Keys). Once disclosed, these Secret Keys could be leveraged to decrypt other sensitive information or to conduct so-called man-in-the-middle attacks.
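The missing bounds check described above, shown as an added example (this is not OpenSSL's code and not part of the original post): a simplified heartbeat handler in C in which the hypothetical `enforce_bounds` flag switches the length check off and on. The function names, the flag and the constructed sample record with its "secret" bytes are assumptions for illustration; the message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* type (1 byte) + payload_length (2 bytes, big-endian) */
#define HB_MIN_PAD  16   /* minimum padding after the payload (RFC 6520) */
#define SECRET      "CONSTRUCTED-SECRET"  /* constructed stand-in for adjacent memory */

/* Simplified, hypothetical handler (not OpenSSL code). Echoes the payload of a
 * heartbeat request into out; returns the reply length, or -1 if discarded.
 * enforce_bounds = 0 models the missing check, 1 the corrected behaviour. */
static long hb_reply(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap, int enforce_bounds)
{
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* length the peer claims */
    /* The bounds check: header + claimed payload + padding must fit inside
     * the bytes that were actually received, otherwise drop the message. */
    if (enforce_bounds && HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return -1;
    if (HB_HEADER + claimed > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed); /* trusts claimed if unchecked */
    return (long)(HB_HEADER + claimed);
}

/* Constructed demo: a 23-byte record ("ping" + padding) sits in one buffer
 * directly in front of unrelated bytes. Returns 1 if the reply contains those
 * bytes, 0 if it does not, -1 if the request was discarded. */
static int demo_leaks_secret(int enforce_bounds, unsigned claimed)
{
    uint8_t arena[128] = {0}, out[128];
    const size_t rec_len = HB_HEADER + 4 + HB_MIN_PAD;
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8); arena[2] = (uint8_t)claimed;
    memcpy(arena + HB_HEADER, "ping", 4);
    memcpy(arena + rec_len, SECRET, sizeof SECRET - 1);
    long n = hb_reply(arena, rec_len, out, sizeof out, enforce_bounds);
    if (n < 0) return -1;
    return n >= (long)(rec_len + sizeof SECRET - 1) &&
           memcmp(out + rec_len, SECRET, sizeof SECRET - 1) == 0;
}

int main(void)
{
    printf("unchecked/claims 40: %d  checked/claims 40: %d  checked/claims 4: %d\n",
           demo_leaks_secret(0, 40), demo_leaks_secret(1, 40), demo_leaks_secret(1, 4));
    return 0;
}
```

With the check disabled, a request that claims a 40-byte payload but carries only 4 is answered with bytes that were never part of the request; with the check enabled the same request is dropped and an honest request is still echoed.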

References:

I won’t copy/paste the complete list in this post as the list will be updated over time, but in general I can disclose that (according to EMC) Brocade FOS, Centera, Clariion, Connectrix Manager, Control Center, Data Domain OS, ESRS, Isilon OneFS, , Networker, RecoverPoint, Replication Manager, ViPR, VNVe, VNX1, VNX2, VPLEX, XtremIO are not vulnerable.

You should read the article on bit.ly/1hwgFpW for specific other products as there are a few that might need attention.

Make sure you patch your products if you need to and please change your passwords every now and then (and in this case as soon as possible).

How to translate Windows disk ids to storage array’s LUNs

Converting disk information in a VM into the actual LUN information

We’ve all been there: you have a certain Windows virtual machine with several disks of the same size and you don’t know which Windows-disk is in fact which storage LUN.

The VMware settings for this VM might look like this:

VM-config


EMC 2 or EMC II: which is which?

David Goulden is the new CEO of EMC Information Infrastructure (EMC II)

Joe Tucci remains Chairman and CEO of EMC Corporation. But what is the difference between the two EMCs? EMC2 or EMC II, which is which?

EMC Information Infrastructure, AKA EMC II is one of the businesses in the EMC Federation.

In their press release on January 8, 2014 EMC says: “Over the past year David has done a phenomenal job of running EMC’s Information Infrastructure business.  David is both knowledgeable and widely respected across EMC and fully deserves this promotion,” said Joe Tucci.  “I am looking forward to continuing to work with David in my current capacity as Chairman and CEO of EMC Corporation.”

EMC2 (Joe Tucci) is the major brand name and lies “on top” of the whole EMC family and the companies EMC II (David Goulden), VMware (Pat Gelsinger) and Pivotal (Paul Maritz) as such. IIG and RSA are part of EMC II.

EMC Technical Support Links

EMC Velocity Services: Technical Support Links

I just found this page on ECN (EMC Community Network) which helps me a lot in finding the right information faster than just using Google.

So this time it’s only a short post, but I hope it helps you find information much quicker.

Here’s the link: https://community.emc.com/docs/DOC-10850

the community is about helping each other: partition table lost and found

Hardware:

  • 1 Windows 2008R2 server containing 2 HBAs
  • 2 SAN switches
  • EMC VNX-5100
  • 1 LUN presented over 4 paths (2 per HBA)
  • no PowerPath or MPIO, so Windows host sees 4 vdisks and uses only 1 (with the risk of corruption)

Scenario:

After an unexpected reboot the host lost access to the data on the LUN and it seemed as if the vdisk was unformatted or at least corrupted.

  • I checked the VNX, but all 4 paths were available
  • “diskpart” showed the disk, but no volumes, so Windows people thought it was a “SAN issue” (which it wasn’t, of course)
  • I tried enabling MPIO, but by default this host made the LUN (now visible as 1 vdisk instead of 4) read only
  • After disabling MPIO I installed PowerPath (unlicensed) to be sure Windows only sees 1 vdisk instead of 4
  • After the reboot I once again saw 1 vdisk and PowerPath showed 4 paths (of which 2 unlicensed)
  • Still no luck accessing the data

the Community starts here

And here is where it gets interesting. The strength of the community is that you help each other, and in this case the customer called to inform me that, since he had nothing to lose anyway, he had used “TestDisk by CGSecurity”. This tool actually discovers data patterns on disks, and in the blink of an eye NTFS was found and the partition could be restored.

No format and restore of an earlier backup was necessary!

Gigabyte versus Gibibyte

Are the hard drive vendors screwing us?

The answer is no. At least when it comes to the number of bytes they promise you can store on their drives, they’re not. Oh really?

In July 2012 I wrote a blog post on “saying what you mean to say”, so people cannot misinterpret what you’re trying to point out. Gigabyte, Gibibyte, Joules, Calorie, kilo Calorie, degrees Celsius, but not degrees kelvin (it’s just kelvin or capital K).


Fibre Channel Routing: EMC Ask the Expert on ECN

Fibre Channel Routing

From Monday April the 15th to May 1st 2013 EMC is hosting yet another “Ask the Expert” discussion on ECN. This time it’s about Fibre Channel Routing.

What is it, what’s it used for and how do you know if you want it?

Take a look at the discussion and join me and my friends Allen Ward and Mr Dynamox on ECN!

And although we close the topic on May 1st, we’ll wrap up LIVE from EMC World in Las Vegas in the EMC Elect corner! So if you’re there from May 6 to May 9, make sure to look out for us. As far as I know the Elect corner will be next to the Blogger’s area, close to the Pavilion.

SCSI, (P)ATA, SAS, NL-SAS and SATA, what’s the difference? (part 2)

So what else is there that differentiates SCSI, (P)ATA, SAS, NL-SAS and SATA?

Size matters

In part 1 we talked about Rotations Per Minute and Command Queuing, but what else is there that makes a certain drive a better choice than any other? Another difference is the size of the platters. Commonly used are 3.5 inch and 2.5 inch. Although it makes sense that smaller platters can rotate faster than larger platters, in the end only the size of the drive cage matters. It’s in fact somewhat weird that most 2.5 inch drives now rotate at 10k RPM and the 3.5 inch drives at 15k. Being able to cool the device is probably the main reason why a 10k drive only spins at 10k RPM. If it rotated any faster, it would heat up more and heat dissipation could become a serious problem. So if you need a high GB per square meter density and performance doesn’t really matter, then the 2.5 inch drives make sense, but if performance is the key differentiator, the more IOps you can squeeze out of each drive, the better. And since we’re not discussing data center designs here, only quality / performance counts.


SCSI, (P)ATA, SAS, NL-SAS and SATA, what’s the difference? (part 1)

Everybody needs storage space nowadays. Whether it is used for high performance computing or simply storing family snapshots, we all need room to store data which is important to us.

In the old days (the 1990s) things were fairly easy: you had either ATA or SCSI. The much older RLL and MFM are now called ancient and therefore not talked about in this article. ATA was mainstream for about 10 years and SCSI was expensive, but also very fast. Both standards used a flat cable and the data was sent to and from the drive in parallel. But when speeds increased, the timing of each of the separate signals became difficult and, just like CD players in the 1980s, manufacturers started using serial lines. This meant that higher speeds could be accomplished and also that the huge flat cables were now traded in for much smaller cables, which improved the airflow as well.


How to bring down an EMC VNXe (as if you ever want to do so)

If you somehow need to get some work done on the power feeds to your data center and the VNXe needs to be shut down, you need to manually shut down the machine before starting the work on the power lines. But knowing CX and VNX, this proved to be a challenge for me since the e model doesn’t have Standby Power Supplies. These SPSs used in CXs and VNXs do the work for you: when you turn the power switch on the SPSs or simply cut the power feed to these SPSs, the SPSs send out a signal to the Storage Processors, which will then flush the write cache to the vault, after which the SPs will shut down nice and orderly.

But how do you do this on a VNXe model?

The best way is to do this from your desk! You don’t even have to get up and walk to the VNXe at all! There are two ways you can shut down the VNXe.

  • Through the Unisphere GUI: Settings > Service System > Select Shutdown and click the “Execute Service” action. This option was introduced in operating system version 2.2.0. This will shut down the system completely and only the Power Supply’s ‘power LEDs’ will remain on.
  • Through Unisphere CLI using following command:

uemcli -d <IP_address> -u service -p <Service_password> /service/system shutdown

The Unisphere CLI (UEMCLI) should be downloaded from the EMC Support website and should be installed on your pc (Windows/Linux/Solaris/Unix). After installing this CLI you can execute the mentioned command to shutdown the VNXe. There is a Unisphere CLI user guide available on the EMC Support website.

In the older versions of the VNXe operating system there was no CLI option to shut down the unit. The svc_shutdown command from the console (Putty) was the only way on those older machines. However, this will not completely power down the system; it will unload all software from memory. After issuing this command a power loss won’t damage the data (like LUN corruption, OS image corruption, cache dirty etc.).

Facilitate the conversation: say what you mean and don’t make assumptions

We all work with words every day. Words that can cause confusion if used incorrectly, but words can also make the conversation smooth … if used correctly.

I’d like to name a few of these possible confusions from my daily experience in the IT Storage business.

 

  • Network versus fileserver

How many of you store your data on the network? The network connects clients to servers (or other clients). The network consists of network devices like switches, routers, bridges, firewalls and the cables to connect all these devices together. I store my data on a file server and the network helps me get it there.
