OS Quest Trail Log #61: Long Weekend Edition

Here in the States we have a nice 3 day weekend thanks to the Independence Day holiday. I took advantage of the time to move this site back to its original, but now upgraded, web server. It had been running on a second server for about a month while I did the upgrades. I ended up going with an entire site redesign rather than just tweaking the old design to work with the changes. That was mainly because those “tweaks” were looking like more work than expected so I took the opportunity to change things up. Since the new design has been active for less than a day I’ll hold off on any details until the dust settles. If you notice any problems or have any suggestions feel free to leave a comment. But it wasn’t all about the website in June…

Windows Home Server 2011

On the Windows Home Server front I ended up doing a Windows Home Server 2011 restore rather than rebuild the RAID array. That went well. Even so, I ended up moving my Windows Home Server to a new HP MicroServer. I’ve been happy with the performance although there was a bit of a rough spot after the migration. But these performance issues seemed to be unrelated to the WHS itself but were network issues. Things do slow down a bit if the system drive is heavily used but that’s a rare occasion. I have the system drive in the optical drive bay and the reputation of that SATA port is that it’s slow. I’ve been hesitant to try the third-party BIOS that’s supposed to improve that port’s performance but I may give it a shot.

Network Upgrades

I’ve been upgrading my network over the past month. I swapped out my daisy chain of switches and replaced them with a single D-Link DGS-1024D switch. As part of that change I also swapped out some older or unnecessarily long cables. If nothing else it makes things a lot neater and organized.

The other issue I had ended up being traced to the NIC in my Windows 7 desktop. Many of my problems went away when I switched it back to the motherboard NIC. That’s my second Intel NIC to go bad this year. I’m beginning to sour on the Intel name. Until now I’ve gone with an Intel NIC for every PC as a standard reflex when building a PC. No more.

The biggest piece of the home network upgrades was the implementation of a software router/UTM (UTM = unified threat manager). I’ve been playing around with various options. While I liked pfSense as a router, it didn’t play well with my DSL so I looked elsewhere. I started with ClearOS, thinking it provided a nice router & UTM along with typical file & web server functions. But it didn’t last long, suffering from stability and performance issues once I installed it so I moved to Untangle. So far Untangle is working fine and seems like a keeper.

This about wraps up my network upgrades. I’ll look for a new NIC for my desktop so I’m not tied to the onboard NIC but it’s not a priority. I’d like to implement pfSense but that’s more for fun than out of need since Untangle is working fine.

Website Upgrades & Changes

While there have been obvious changes to the look of The OS Quest there have also been some changes under the hood. As mentioned in my server OS review the site is now running on Ubuntu 10.04 LTS. This upgrade is basically what forced the other changes as the Ubuntu 9 that it was running on reached its end-of-life. Since it was an OS upgrade I went with a temporary second server rather than risk an in-place upgrade.

I also switched the WordPress theme to WP-Clear. My old theme had become out of date and there wasn’t a direct (a.k.a. easy) upgrade so I took the opportunity to make some changes. While this theme is less flexible than my other one it was significantly easier to set up. Part of the problem is that the old theme had so many options I could play with it forever. The upgrade broke just enough things to require some significant work to upgrade. At least with WP-Clear there’s a much more manageable set of options. I also didn’t have to revisit and update too many old posts.

Update July 5th: I’ve reverted back to my previous theme (mostly). There were some things I didn’t like with WP-Clear so before going too far I rolled back and will re-evaluate my WordPress theme selection.

I also moved the commenting system to Intense Debate but I’m still allowing “guest” comments and not requiring a logon. At least not yet. Spam has been annoying so I might require a logon in the future. My testing shows it’s as easy to get out of Intense Debate as it is to get in so I’m not locked in.

Home Media

My living room finally entered the 21st century when I replaced my tube TV with a VIZIO XVT323SV LED TV and a Blu-Ray player. I’ve yet to link either of these directly to my home server but it’s on the list for the future. At this point I’ve been copying files to a USB drive and playing them from that and it works well. Batch files and some manual attention keep the USB stick up to date with the shows and movies I want to watch.

On Tap

I’ll probably spend most of this month with WordPress and server software. The site redesign has left me with some things I want to look at and try out. I also want to make some changes to the content structure of this site although exactly what changes won’t be decided until I do some testing. Over the next couple of days I’ll eventually reach the point of no return on this site change and will be shutting down my old server. This post will be the first new content since the site redesign. (As I type this I still have the option to switch back to my old site with no more than a DNS change and still have all my content as it was.)

On the computer side of things it’ll be mostly cleaning up. My Windows Home Server version 1 hasn’t been powered up in a couple of weeks so it’s safe to say it can be retired for parts. I’ll pull the 2 TB hard drives in it and reuse them. But the memory/cpu/motherboard is probably obsolete (they won’t run Windows Home Server 2011 or any other 64-bit OS). There’s always the Linux/NAS option but I have no real need for that these days. I’m sure I’ll find a use for the case though.

So enjoy the holiday barbeque and fireworks if you’re in the U.S.

Belkin Powerline AV (200 Mbps)

I use my Mac Mini as a media center but it has an 802.11g wireless connection which has been a problem. Since I live in a pretty dense apartment complex, every couple of months I have to find a new channel that has less interference. I finally got fed up enough that I decided to spend the money and try a Powerline AV adapter. I went with the Belkin Powerline AV Adapter. I never had much confidence in the Powerline technology but I was hoping it had matured by now. While the Belkins are pricey ($149 at Amazon) I went with them because they are the newest and therefore I figured most mature and likely to work.

Setup

Setting up the Belkin Powerline AVs is simplicity itself. Plug them into power and then plug in the network cable. But the gory details are…

The Belkin Powerline AV starter kit came with two Powerline AV adapters. They can plug in flush with the wall using the pre-installed wall plug, or you can swap out the wall plug with a supplied extension cord if you don’t have the space for the adapter. You also get two network patch cables in the box. One adapter needs to plug into your network modem, router or switch while the other attaches to the device you want to add to the network. Additional Powerline AV adapters can be added although the adapters will all share the same bandwidth.

In my case I attached one to an ethernet port on my router and the other to my Mac Mini.

The Powerline AVs use 128-bit DES encryption for security. The encryption key can be changed from their factory default to a random value. This is the only part that’s a bit difficult. Each adapter has a “One Touch Security Button” that needs to be pressed in the proper order for the proper length of time to set and sync the keys. Since it’s only a button there’s no feedback other than the devices connecting when you’re done.

Belkin says they should be plugged directly into the wall and not to use a power strip or UPS.

Performance

The Belkin Powerline AVs claim to be 200Mbps (I suspect they mean 100 Mbps full-duplex). There’s an LED that glows blue when the link rate is 80Mbps or greater and amber when the link rate is less than 80Mbps. The adapter that connects to my router glows amber indicating a rate less than 80Mbps.

I’m seeing actual speeds consistently above 24Mbps and usually about 28Mbps. This is far below the rated performance but above the speeds I’ve been getting with other wireless options. More importantly, the connection is reliable and consistent. Streaming video has worked fine so far.

Conclusion

They’re pricey and I’m only getting about 12% of their rated speed but it’s faster than my wireless options. Despite this it seems like a suitable option for my needs and I won’t be sending them back. Some things to keep in mind are that distance (over your electrical wires) affects performance and additional devices will share the same bandwidth.

Security Quest #6 – OpenDNS

OpenDNS is a standalone DNS service that anyone can use. The term “Open” in this case means open to anyone, not open source. When you switch to the OpenDNS servers for name resolution you’ll stop using your ISP’s servers and you’ll be using the OpenDNS servers. This could provide a performance benefit if your ISP’s name resolution is slowing things down.

Switching to OpenDNS is fairly simple: type in their DNS server addresses (208.67.222.222 and 208.67.220.220) in the appropriate spot in your network configuration. If you have a home network you should do this at the router. The OpenDNS website has instructions for many routers. If you’re making the changes on a computer they also have instructions for most OS’s.

All OpenDNS features are free. If you type in a bad URL they will display a search page that contains advertising.

Faster DNS is good, but the security features that OpenDNS brings are even better. You’ll need to sign up for a free account to manage these features. Anti-Phishing is on by default (no account needed to leave it on) but the others are off by default and you’ll need an account to turn them on and configure them.

Anti-Phishing

OpenDNS provides anti-phishing protection which is on by default. OpenDNS uses (and operates) PhishTank to identify phishing sites. If the URL is identified as a phishing site it’s blocked and a block message is displayed. PhishTank is used by others such as Yahoo Mail and there’s a Firefox add-on that uses it.

Domain Blocking

OpenDNS can also be used to block domains. You can also block a sub-domain. The example they use is mail.yahoo.com to block Yahoo Mail but allow the rest of Yahoo, or yahoo.com to block all of Yahoo. In my case I block domains for the pop-up ads (and any ad that annoys me) that make it through the Firefox popup blocker. You could even go so far as to block doubleclick.net to block all their ads. It takes about 10 minutes for a block to take effect.

Adult Site Blocking

OpenDNS can also block several categories of adult sites. Data for this service is provided by St. Bernard’s iGuard. There are various categories of adult sites, from what some may not consider adult to one called “tasteless”. Since many adult sites may be used to spread malware this can provide some protection against typos or errant clicks.

Whitelists

While the above features block sites, there may be cases where you want to allow a site which would otherwise be blocked. You can add these sites to a whitelist which will prevent them from ever being blocked.
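
The Domain Blocking and Whitelists sections above describe rules that apply to a domain and everything under it, with the whitelist winning over any block. The following is an added example, not code from OpenDNS or from the original post, that models that decision locally. The function names and the matching rules (whole-label comparison, whitelist entries also covering subdomains) are assumptions made for illustration.

```python
# Added example: a local model of the block/whitelist decision described above.
# The matching rules are assumptions for illustration, not OpenDNS's implementation.

def normalize(name):
    """Lower-case a hostname and drop surrounding spaces and a trailing root dot."""
    return name.strip().lower().rstrip(".")


def covers(entry, host):
    """True if `entry` is `host` itself or a parent domain of it.

    The comparison is done on whole DNS labels, so 'yahoo.com' covers
    'mail.yahoo.com' but not 'notyahoo.com'.
    """
    e = normalize(entry).split(".")
    h = normalize(host).split(".")
    return len(h) >= len(e) and h[-len(e):] == e


def decide(host, blocked, whitelist):
    """Return 'allow' or 'block'; a whitelist match always wins."""
    if any(covers(w, host) for w in whitelist):
        return "allow"
    if any(covers(b, host) for b in blocked):
        return "block"
    return "allow"


def naive_decide(host, blocked):
    """Plain string-suffix check, kept only to show the over-blocking it causes."""
    h = normalize(host)
    return "block" if any(h.endswith(normalize(b)) for b in blocked) else "allow"


# Constructed sample policies using the domains named in the text.
BLOCK_MAIL_ONLY = ["mail.yahoo.com", "doubleclick.net"]
BLOCK_ALL_YAHOO = ["yahoo.com"]

if __name__ == "__main__":
    hosts = ["mail.yahoo.com", "www.yahoo.com", "ad.doubleclick.net", "notyahoo.com"]
    print("host, mail-only policy, all-yahoo policy, naive all-yahoo")
    for host in hosts:
        print(host,
              decide(host, BLOCK_MAIL_ONLY, []),
              decide(host, BLOCK_ALL_YAHOO, []),
              naive_decide(host, BLOCK_ALL_YAHOO))
    # A whitelist entry overrides a broader block.
    print(decide("finance.yahoo.com", BLOCK_ALL_YAHOO, ["finance.yahoo.com"]))
```

The naive suffix check blocks notyahoo.com under the all-Yahoo policy even though it is an unrelated domain, which is why the comparison is done label by label.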

Additional Features

OpenDNS also includes several features that aren’t security related.

Typo correction – changes google.cmo to google.com

Shortcuts – create a keyword that goes to a URL. For example, mw can go to www.mywebsite.com

Statistics – you can view statistics about your DNS requests (optional and is off by default).

Security Software

CNet reviewed three Windows PC security packages this week. They rated McAfee VirusScan Plus 2008 – complete package a 7.0 out of 10. Panda AntiVirus 2008 was rated 6.0 out of 10. CA AntiVirus Plus AntiSpyware was also rated 6.0 out of 10. None were an editor’s choice.

News & Information

ArsTechnica.com: Hackers target Finnish forum, crack logins for almost 80,000 users – Good example of why it’s a good idea to use different passwords on different sites.

ArsTechnica.com: Comcast’s law enforcement handbook leaked, could teach telecoms a thing or two – Comcast document leaked. Makes them look good compared to telcos.

ArsTechnica.com: Verizon Wireless: If you don’t opt out, we get to share your CPNI call data – Verizon Wireless will start sharing your calling data unless you opt-out.

Lifehacker.com: Featured Firefox Extension: Create Strong Passwords with Password Hasher – Lifehacker brings a Firefox extension for creating strong passwords.

Macworld.com: I will be smarter about how I handle e-mail – Some tips about safe mail use. While a few product mentions are Mac specific, the tips can apply to anyone.

Macworld.com: I will behave cautiously online – Some tips for safe browsing. Even Mac users are vulnerable in this area since the operating system is irrelevant.

Macworld.com: I will keep my Mac safe from other users – Some tips on securing a Mac. Can’t say I do all these things.

Macworld.com: I will use good passwords – Some tips for using passwords.

The OS Quest Trail Log #5

It was a big weekend here at the OS Quest Data Center so I figured I’d wait for the long weekend (made even longer with a vacation day on Friday) to end.

With my switch to Comcast I have a little time with both DSL and Comcast since the DSL will run for another couple of weeks. A co-worker suggested I keep the DSL as a backup or to increase my bandwidth. Being a router guy he happened to have a Xincom XC-DPG502 router that he sent me. Since it didn’t cost me anything (except time) I figured I’d check it out. Once I packed the Xincom back up I pulled out my new Apple Airport Extreme Base Station and set that up.

Xincom DPG502 Router

While not the typical home router the Xincom is a relatively low cost router ($180) that has two WAN ports that can be set up to load balance or to operate as a fail-over backup. Even ignoring costs I decided keeping DSL and using the Xincom wasn’t for me. Many secure connections (such as https websites or my Mozy backups) can’t bounce between ports so they stay on the WAN port they first get. I found many times my connections were using the slower DSL connection and it was processing 50% of the traffic even though the load balancing said it should use only 10%. I also had a problem accessing some websites through the Xincom although they were accessible through a different router. It took awhile to get there but I eventually narrowed it down to the Xincom even though it didn’t make much sense.

The fail over feature seemed to work well although the connection has to be down hard. You can also set the router up to connect to a server on the Internet and mark the WAN port as down if it’s not accessible.

Apple Airport Extreme Base Station

Once I had enough fun playing with the Xincom I packed it up to send back and pulled out my new Apple Airport Extreme base station. I wanted to set up an 802.11n network for my Apple TV, my Macbook and, once I get an 802.11n USB adapter, my Mac Mini. In addition to the extra speed I’m hoping to avoid the interference I always run into since I live in an apartment complex. It also gives me gigabit ethernet and the ability to attach a USB drive.

The installation is a bit different in that I had to install the Airport Utility (which required a reboot) on my iMac and then update it through software update before I could install the Airport Base Station. Then I had to update the firmware on the base station once the Airport Utility connected to it. I’m used to accessing the routers through a web browser but in this case it’s done through the Airport Utility.

It took longer than I expected but ended up being problem free.

Linksys Won’t Bridge – 2Wire Will

In order to keep only 802.11n devices on my Airport to avoid degrading the speed I needed to set up a second wireless access point for my 802.11 devices (Tivo, old Windows laptop, occasional work laptop). I figured I could just use my Linksys but that was a no go. There’s no Bridge mode and when I found a third party firmware that could do it I ended up not being able to flash the firmware. I then found I could bridge my 2Wire gateway so I was able to set that up.

So now my network consists of the Airport Extreme connected to the cable modem and providing the 802.11n network. It also provides the ethernet cable connection to my iMac and the DHCP addresses for everything on the network. The Airport is connected via ethernet to my 2Wire 2701-HG gateway. The 2701 just provides the 802.11g wireless network and it’s in bridged mode. Its own WAN connection is unused and DHCP to its wireless devices is provided by the Airport.

Comcast

I’m liking the speed of Comcast. But all is not perfect. I’ve had some problems where the connection just drops and I have to power cycle the cable modem. It usually happens overnight so I don’t notice until morning. Since I’ve been in vampire mode this weekend I’ve been on the computer when the connection goes away and power cycling the cable modem always fixes it. Jumping to another PC also fails to connect to the internet so it’s not an iMac problem. Even though cycling the modem seems to fix it, it does show activity.

New Business

With my move to cable for internet I’m looking into dropping my phone land line completely. Anyone who I want to talk to already has my cell phone number. The only ones who call my land line phone are telemarketers. I want another phone number that I can give to people who I can’t trust with my cell phone (potential telemarketers) so I’m looking into Skype and some other options. I also just came across an offering from AOL which seems like it might fit the bill.

I finally got motivated to head out and take some pictures. My latest camera is a Panasonic DSC-LZ8. It’s an SLR-looking point and shoot with a 12X zoom that also shoots RAW. The downside is that OS X doesn’t have a RAW converter for it so iPhoto and Aperture won’t read them. Adobe Lightroom will read them so I installed the 30-day evaluation. When shooting RAW the LZ8 also saves a JPG so I did a quick comparison. I imported a couple of RAW photos and exported without any processing. The corresponding JPG was slightly better (so it was processed by the camera) and of good quality in my opinion. What I didn’t expect was how much I’d like Lightroom. It just seemed more intuitive than Aperture for importing, organization and quick processing.

Links & News

NeoOffice 2.2.1 is now available. NeoOffice is an OS X port of OpenOffice.org. At one time NeoOffice required the installation of X11 but that’s no longer the case. While it’s been awhile, and several versions, since I used it my previous experience was that it was too big, slow and cumbersome for my limited needs (same complaint about OpenOffice.org at the time).

Lifehacker brought a link to a series of cheat sheets for every character key on a Mac.

BuiltWith is a website that tells you what tools are used on a website.