Finally, after 17 days of anxious anticipation, the exam results are in... and... wait for it... I PASSED!!! w00t w00t! I needed a 300 to pass and I scored 358 out of 500. Not the best score in the world but considering I decided to just "try it" and only gave myself two weeks to study, I couldn't be happier! Now, if they would just hurry up and send my ID so I know what number I am...
Update: Number 474!
Monday, November 7, 2011
Poor performance after upgrading from vCenter 4.1 to 5
I recently upgraded a VMware vCenter installation from 4.1 to 5.0. Everything went well during install from what I remember but afterward I noticed that things kept timing out when managing the vSphere environment. Upon further investigation I found that java.exe seemed to be the culprit. I tried updating it, tried to remove VMware Update Manager, tried simply shutting down the vCenter and SQL services, but none of that helped. The CPU was still pegged at 100%. At that point I started shutting down services one at a time, starting with anything VMware related. Within a few minutes I found that the Converter services, which were installed in the 4.1 environment but not updated, were the most likely culprits. I removed the programs related to Converter and CPU dropped to 0%. At this point I decided to reboot and ensure things were sane.
Unfortunately, after the reboot, the java.exe CPU issue had returned. I then started the troubleshooting process again but this time with a little help. I downloaded and ran an old favorite of mine: ProcessExplorer from Microsoft/Sysinternals. This let me see more information about each process such as what the running environment looks like and which process is considered the parent. There were three separate java.exe's running but the most interesting one was launched by the vSphere Web Client services.
I went ahead and removed the Web Client. While I was at it, I also removed the new Dump Collector and the Syslog Collector services. They each prompted for a restart so I did and checked CPU usage again when it came back up. Still at 100% with another java.exe fighting sqlserver.exe for highest allocation. This time it was the Inventory Service. Even though it was pegged, it was still more responsive than usual so I feel like I am making some progress at least. Back to Process Explorer...
While I was looking at some articles about this to understand what it did, I found that the CPU returned to a sane state. This must have been the Inventory Service catching up after the reboot. I'm still seeing sqlserver.exe running at a pretty constant 50% (essentially the equivalent of 1 CPU core) but I would half way expect that. I also see Tomcat spike up occasionally and together with SQL consume 100% CPU. At this point I am going to continue to monitor the situation. If I find anything else I will try to post.
Just for reference, the vCenter server in question is a VM with 2 vCPU and 8GB RAM running on FC storage managing 6 hosts with approximately 60 VM's so I would assume based on the recommended specs that this would be sufficient. I may increase the memory to 12GB to test further though. Maybe the next step is to finally separate out the SQL instance to a dedicated server since we are technically over the supported limit of 5 hosts and 50 VM's (although I think that is more of a size restriction but who am I to argue with VMware best practices).
*UPDATE: Well, I feel like an uber douche. I was getting ready to call it quits when I saw some alerts coming in from one of our monitoring tools saying that our newest host, the one where the vCenter server ran, was swapping memory in and out frequently. I started looking and found a fair amount of memory ballooned and swapped. This was totally unexpected because that host has 120GB of RAM and only about 60GB was actually in use. Upon further investigation I found that several VM's had limits set on their memory, including (you guessed it) the vCenter server. It was actually capped at 2GB! Not sure why this would have ever been set in this environment but it has been addressed and resources look great again. Java hates being low on physical RAM. CPU is still getting hammered on by SQL but total commit on memory is back down to less than 4GB.
References:
Installing vCenter Server 5.0 best practices
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2003790
Upgrading to vCenter Server 5.0 best practices
http://kb.vmware.com/selfservice/documentLinkInt.do?micrositeID=&popup=true&languageId=&externalID=2003866
Minimum requirements for the VMware vCenter Server 5.x Appliance
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005086
vSphere 5 ‘s new services in vCenter
http://geeksilver.wordpress.com/2011/08/31/vsphere-5-s-new-services-in-vcenter/
Update management service at 100% CPu after patching to 4.1.0 build 345043
http://communities.vmware.com/thread/306584
Unfortunately, after the reboot, the java.exe CPU issue had returned. I then started the troubleshooting process again but this time with a little help. I downloaded and ran an old favorite of mine: ProcessExplorer from Microsoft/Sysinternals. This let me see more information about each process such as what the running environment looks like and which process is considered the parent. There were three separate java.exe's running but the most interesting one was launched by the vSphere Web Client services.
I went ahead and removed the Web Client. While I was at it, I also removed the new Dump Collector and the Syslog Collector services. They each prompted for a restart so I did and checked CPU usage again when it came back up. Still at 100% with another java.exe fighting sqlserver.exe for highest allocation. This time it was the Inventory Service. Even though it was pegged, it was still more responsive than usual so I feel like I am making some progress at least. Back to Process Explorer...
While I was looking at some articles about this to understand what it did, I found that the CPU returned to a sane state. This must have been the Inventory Service catching up after the reboot. I'm still seeing sqlserver.exe running at a pretty constant 50% (essentially the equivalent of 1 CPU core) but I would half way expect that. I also see Tomcat spike up occasionally and together with SQL consume 100% CPU. At this point I am going to continue to monitor the situation. If I find anything else I will try to post.
Just for reference, the vCenter server in question is a VM with 2 vCPU and 8GB RAM running on FC storage managing 6 hosts with approximately 60 VM's so I would assume based on the recommended specs that this would be sufficient. I may increase the memory to 12GB to test further though. Maybe the next step is to finally separate out the SQL instance to a dedicated server since we are technically over the supported limit of 5 hosts and 50 VM's (although I think that is more of a size restriction but who am I to argue with VMware best practices).
*UPDATE: Well, I feel like an uber douche. I was getting ready to call it quits when I saw some alerts coming in from one of our monitoring tools saying that our newest host, the one where the vCenter server ran, was swapping memory in and out frequently. I started looking and found a fair amount of memory ballooned and swapped. This was totally unexpected because that host has 120GB of RAM and only about 60GB was actually in use. Upon further investigation I found that several VM's had limits set on their memory, including (you guessed it) the vCenter server. It was actually capped at 2GB! Not sure why this would have ever been set in this environment but it has been addressed and resources look great again. Java hates being low on physical RAM. CPU is still getting hammered on by SQL but total commit on memory is back down to less than 4GB.
References:
Installing vCenter Server 5.0 best practices
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2003790
Upgrading to vCenter Server 5.0 best practices
http://kb.vmware.com/selfservice/documentLinkInt.do?micrositeID=&popup=true&languageId=&externalID=2003866
Minimum requirements for the VMware vCenter Server 5.x Appliance
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005086
vSphere 5 ‘s new services in vCenter
http://geeksilver.wordpress.com/2011/08/31/vsphere-5-s-new-services-in-vcenter/
Update management service at 100% CPu after patching to 4.1.0 build 345043
http://communities.vmware.com/thread/306584
Saturday, October 22, 2011
VCAP-DCA: now I wait...
And now I wait. I think the test went better than I had expected, but I would still be surprised if I passed. Overall it was a great test and I actually had fun doing it. I am very much a hands on learner and I work best when I am told to just get it done, and that is 100% the nature of this test. Everything was very relavent to real life with no real abstract scenarios or trick questions that I could see. My test was 34 questions/scenarios and in the end I counted about 6 total that I knew I had missed, didn't finish, or didn't even start. Even though 3.5 hours seems like a lot of time, it really isn't. You either know it or you don't and if you don't, move on and come back if time permits. Having VMware documents available for reference was nice, but you cannot rely on them due to the time limitations.
Regardless of if I passed or not, I learned a lot in studying for this and will be able to apply everything to my job role.
I wanted to give a shoutout to the following people who's blogs about their experiences, their study notes, or just generally good articles helped get me to a point where I felt more confident and ready to try:
Sean Crookston: http://www.seancrookston.com/vcap-dca/
David Davis: http://www.trainsignal.com/blog/vcap-dca-exam
Edward Grigson: http://www.vexperienced.co.uk/tag/vcap-dca/
Kendrick Coleman: http://www.kendrickcoleman.com/index.php?/Tech-Blog/vcap-datacenter-administration-exam-landing-page-vdca410.html
Eric Sloof: http://www.ntpro.nl/blog/
"Virtual Vargi": http://virtual-vargi.blogspot.com/p/vcap-dca.html
Duncan Epping: http://www.yellow-bricks.com/2010/06/28/vcap-dca-exam/
Ray Heffer: http://www.rayheffer.com/1861/vcap-dca-results-and-exam-experience-i-passed/
And everyone who has posted their experiences on the VMware Community Forums: http://www.google.com/search?hl=en&biw=1304&bih=656&q=+site:communities.vmware.com+vcap-dca+passed
Hopefully within the next couple of weeks I will be able to post that I passed! And if not, I will post that I am scheduling my re-take!
Also wanted to say thanks to Brad Butler and Acropolis for rolling the dice with me :)
Regardless of if I passed or not, I learned a lot in studying for this and will be able to apply everything to my job role.
I wanted to give a shoutout to the following people who's blogs about their experiences, their study notes, or just generally good articles helped get me to a point where I felt more confident and ready to try:
Sean Crookston: http://www.seancrookston.com/vcap-dca/
David Davis: http://www.trainsignal.com/blog/vcap-dca-exam
Edward Grigson: http://www.vexperienced.co.uk/tag/vcap-dca/
Kendrick Coleman: http://www.kendrickcoleman.com/index.php?/Tech-Blog/vcap-datacenter-administration-exam-landing-page-vdca410.html
Eric Sloof: http://www.ntpro.nl/blog/
"Virtual Vargi": http://virtual-vargi.blogspot.com/p/vcap-dca.html
Duncan Epping: http://www.yellow-bricks.com/2010/06/28/vcap-dca-exam/
Ray Heffer: http://www.rayheffer.com/1861/vcap-dca-results-and-exam-experience-i-passed/
And everyone who has posted their experiences on the VMware Community Forums: http://www.google.com/search?hl=en&biw=1304&bih=656&q=+site:communities.vmware.com+vcap-dca+passed
Hopefully within the next couple of weeks I will be able to post that I passed! And if not, I will post that I am scheduling my re-take!
Also wanted to say thanks to Brad Butler and Acropolis for rolling the dice with me :)
Thursday, October 20, 2011
VCDA410 Tomorrow! A LOT nervous!
From what I am reading, very smart people are saying this is the hardest test they have ever had to take for an IT certification. There are apparently about 40 exam questions, all of which require configuration in a real lab environment, and there are ONLY 4 hours to do it. 4 hours seems like a lot right? I am starting to sweat bullets here because doing the math on that, it is about 6 minutes per question, which means I will be expected to just get it done and move on. This is not my style. I tend to analyze, configure, re-analyze, and then re-analyze again. And the worst part, I won't know my results for up to 2 weeks after. Again, not my style! I like instant gratification! Agh!! Back to studying.
Wednesday, October 19, 2011
Exam prep for VCAP-DCA
I really wish that I had an unlimited budget of time and money. Unfortunately, I have neither so I study when I can and work with what I have.
I've been preparing the VMware Certified Advanced Professional Data Center Administrator certification exam and wow, it is daunting. I've been working with VMware for a few years now and I got my VCP back in March of last year. I manage a small data center and have been fortunate enough to get my hands on a lot of really cool technology that I thought I knew quite a bit about. But in studying for this exam, I realize just how much I still need to learn. I will be taking it on Friday, fully expecting at this point to fail, but it has opened my eyes so much during my studies that it will only make me better at what I do.
I have to applaud VMware for putting together a fantastic "exam blueprint" for this exam. It is loaded with great references. Also, I found several people who have done a great job at posting their study notes and taking deep dives into specific areas. I am planning on doing the same once I get done with the actual test.
I'll post again on Friday after I take it but I will not know the results until up to 10 days after since it is a lab test and the results will be reviewed by a human being. If you have any interest in specific objectives, please let me know and I'll do what I can to help. Wish me luck!
I've been preparing the VMware Certified Advanced Professional Data Center Administrator certification exam and wow, it is daunting. I've been working with VMware for a few years now and I got my VCP back in March of last year. I manage a small data center and have been fortunate enough to get my hands on a lot of really cool technology that I thought I knew quite a bit about. But in studying for this exam, I realize just how much I still need to learn. I will be taking it on Friday, fully expecting at this point to fail, but it has opened my eyes so much during my studies that it will only make me better at what I do.
I have to applaud VMware for putting together a fantastic "exam blueprint" for this exam. It is loaded with great references. Also, I found several people who have done a great job at posting their study notes and taking deep dives into specific areas. I am planning on doing the same once I get done with the actual test.
I'll post again on Friday after I take it but I will not know the results until up to 10 days after since it is a lab test and the results will be reviewed by a human being. If you have any interest in specific objectives, please let me know and I'll do what I can to help. Wish me luck!
Saturday, September 17, 2011
Sorry Microsoft but I am falling for Google again (part 2)
I started looking at Google's services a little more after I found that the two big complaints I had back in the day seem resolved at this point and things are looking better than ever. I found a way to get OneNote synced up to Google Docs using a tool called DAV-pocket and I can now access all the services that I use through my Google Apps account! Life is great! I will still have two separate accounts, but they can now be linked so I can easily switch between the two. This is fine for now and I will eventually be consolidating them, but I am happier than a tornado in a trailer park (yes, I've seen Cars too many times :)). Anyway, I'm going to slowly start the journey back to Google Apps tonight for at least a few things. I may leave it split between Live and Apps for a few reasons:
#1 SkyDrive: Hey, it's 25GB of free storage! I can't pass that up.
#2 Office Web Apps: I still use this quite a bit at work so I don't see this going away. The whole Microsoft Gold Partner thing you know.
#3 My Wife: If I tell her she is going to have to change her email settings again she will cut off my .... dinner. What?! She can be ruthless but come on, what did you think?
Anyway, I may be having this same debate again in a couple of months when Apple officially releases its iCloud service offering. I do very much like my iPhone.
Maybe the smartest thing for me to do would be focus on developing a unified portal to all of these free public clouds so I could use them all for what they are best at. Hmmm... just what I need, another shiny thing to catch my attention. Stupid ADD. Oh well, gotta stay busy somehow! (just a hint of sarcasm there in case you couldn't tell)
Sorry Microsoft but I am falling for Google again
There was a time when I was mainstream and loved everything Microsoft put out. DOS, QBASIC, Windows 3.1, Windows 95, Hover, Weezer (you know what I am talking about!), Flight Simulator, Bookshelf '95, Encarta... you name it. But, as with most things for my generation, the years went by, the initial luster wore off, and boredom set in. Not to mention it hurt a lot, like physical pain in the wallet area, to spend my hard earned lunch money (I was in 8'th grade I think) on the Windows 95 Upgrade only to find an IRQ conflict between my 2x CD-ROM and my 33.6kbps modem because the new Plug and Play technology didn't know how to handle it properly.
Luckily, I spent a lot of time on IRC and was fortunate enough to make friends with some very smart people, one of which introduced me to the wonderful world of *nix (Slackware Linux 3.0 to be precise). I spent the next several years of my life reloading operating systems on my 486SX and planning for total world domination when I launched my hosting service "Beast Networks" (actually there were a lot more ASCII charaters involved and rainbow colors because it was cool to play with text). Anyway, the cycle began again and I got bored with always "fixing" my computer so I went back to Windows as my primary OS and have been there since primarily because of my job and the fact that my wife just wants the computer to work without having to think about it.
Where am I going with this? Well, besides illustrating my obvious attention deficit disorder, my cycle has apparently started again but this time I am between Microsoft Live and Google. I am currently hosting my critical stuff for Yarbi.com with Microsoft Live Domains and use SkyDrive pretty heavily, but they are lacking in a lot of areas. Google's Blogger is a great service and is what I have decided to use for my blogs (at least until my total world domination scheme works out, then I will host it through Beast Networks of course). Microsoft's Live Spaces was not so much and I guess Microsoft knew it because they had their users convert to WordPress. Gmail is just awesome, and the fact that they beat Microsoft at their own game by making Gmail work with Activesync before Hotmail even did just makes it that much better. Hotmail isn't too bad nowadays, but it still doesn't have nearly the flexibility that Gmail has. The free edition of Google Apps has almost everything that Windows Live Domains has, and now that Microsoft is switching over to Office 365 and has eliminated the a lot of the formerly free services, Google Apps is looking more appealing again. Google Voice is absolutely amazing, Google+ looks very promising, and Chrome Browser is now my default backup browser instead of Firefox or Safari. And don't even get me started on Bing vs Google. The only good thing I have to say about Bing is that it literally is "the sound of found", but I only hear that sound when I use Google search :)
So, label me I a Google fan boy? Absolutely. However, there are are two big buts involved and I am not talking about donkeys here.
Number 1: Google, Gmail, YouTube, Google Apps, etc can all have different accounts and I have not found any way to link them together if you register for them in the wrong order. What does this mean? To get to my Gmail account back when it was invite only, I was johnyarbi@gmail.com. Then eventually I signed up for Google Apps as john@yarbi.com to host my domains there. Then I realized I could use a real email address as my normal Google ID so I created my Google ID as john@yarbi.com but quickly realized I could not link it to my existing Gmail account and it was a different account than my Google Apps account (which had the same name but was definitely not the same account). This meant I had johnyarbi@gmail.com and had been using it for a while, my Google Apps ID which was very limited in what it could do, and my new Google ID with the same name as my Apps ID and now with a new Gmail account jyarbi@gmail.com. Then I went to sign up for YouTube and had to come up with yet a different username. It was very frustrating, especially when I deleted johnyarbi@gmail.com so I could try to recreate it under the john@yarbi.com account only to find out that all deleted Gmail accounts are permanent. Update: This has apparently changed so I might be trying to get my johnyarbi account back, yay!
Confused yet? I was too! To sum it up, Google doesn't seem to have linked accounts figured out yet, which is one thing Microsoft has actually done a pretty good job on. Frustrating for sure, but not necessarily a show stopper. [UPDATE: https://accounts.google.com/b/0/MultipleSessions and http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=29934&topic=29936. It looks like Google has fixed this for the most part as well. Yay again!]
Number 2: The other reason I went with and am still with Windows Live on this most recent ebb, and this is a big one, is Office Web Apps, specifically OneNote. I love OneNote and yes I would marry it if I could claim it on taxes. I've been planning on writing a blog entry about it but every time I sit down to do it, I end up with pages of how much I love it. Anyway, I'll save all that for another time. Google has some "Web Apps" of its own, but the integration with Office 2010 found in Windows Live is something Google can't touch (yet) when you are primarily a Windows user. When they introduced offline access to their apps, this changed the game a little, but the fact is they still do not have a fully featured editor, and they definitely do not have OneNote.
So why am I falling for Google again? Well, maybe it is just that time of the month again in my manstruation cycle, but Google services seem to be consistently getting better while Microsoft is falling behind in most areas (or maybe has not caught up yet?). Either way, the tide is turning and I am washing back out to sea. I've been doing a lot of work getting ready for a 10 year class reunion and have used Google Docs to create web forms, am using Picasa to store and share pictures, Blogger to host the website, YouTube to host videos, etc etc. Things that are just not really doable for free with Microsoft Live suite. And on top of that, I am able to use my single Gmail account in most cases now. The more I dig around, the more I see just how far Google has come. And my initial fear that a lot of these services would be like Google Wave (what every happened to that?!) have pretty well vanished because of Android and Chrome power on the tablet, phone, and light notebook markets Google is in now. Their services are here for the long haul and seem to be aimed directly at Microsoft (and Apple for that matter).
So, at the end of the day, I still like Microsoft and that will not change for the foreseeable future, but Google is winning my heart again through innovative services like Voice and improvements to the stables like Docs and Blogger, and will probably get a lot more of my attention moving forward. Welcome back to the family G.
Thursday, September 15, 2011
Microsoft OneNote is quite possibly the best thing since Notepad
For anyone that is still jotting down quick electronic notes in Notepad or emailing yourself little snippets of randomness to save for later, STOP! Microsoft OneNote is here to save you! If you are lucky enough to have a version of Microsoft Office 2010 that includes OneNote then you have life easy! If not, don't fret, you will still be able to take advantage of OneNote and all of its free flowing, auto-saving goodness using your Windows Live ID and the free Microsoft OneNote Web App. And if you have an iPhone, the OneNote app is FREE for a limited time. The focus of this blog entry will be the free web version so anyone can get started (and hooked!).
If you haven't already signed up for a Live ID then please exit my blog immediately because these computer things must be foreign to you. Wait, maybe you are old scohol and know it as a .NET Passport or MSN username. Still no? Then you are either a hardcore anti-Microsoft user or well… I can't think of any other real reason not to have one. However hard to fathom as it may be, if you really have not signed up for one yet, then you will need to go over to login.live.com and get registered. It is free and will you give you access to the wonderful world of Microsoft’s Live services like Hotmail, Messenger, SkyDrive, and most importantly (at least for this post), Office Web Apps.
My coworkers consider me a OneNote fan boy. I think evangelist sounds better! OneNote is a great product/platform and has really helped me significantly in my fight against clutter, and I think if you give it a try, you will see how much it can help you too. Until next time!
If you haven't already signed up for a Live ID then please exit my blog immediately because these computer things must be foreign to you. Wait, maybe you are old scohol and know it as a .NET Passport or MSN username. Still no? Then you are either a hardcore anti-Microsoft user or well… I can't think of any other real reason not to have one. However hard to fathom as it may be, if you really have not signed up for one yet, then you will need to go over to login.live.com and get registered. It is free and will you give you access to the wonderful world of Microsoft’s Live services like Hotmail, Messenger, SkyDrive, and most importantly (at least for this post), Office Web Apps.
My coworkers consider me a OneNote fan boy. I think evangelist sounds better! OneNote is a great product/platform and has really helped me significantly in my fight against clutter, and I think if you give it a try, you will see how much it can help you too. Until next time!
Saturday, August 6, 2011
“Somebody set up us the bomb! We get signal. What!”
Wow! I just read an article from CNN about Charlie Miller, a St. Louis resident who just recently demonstrated a hack at the Black Hat security conference in Las Vegas that can disable the battery of a MacBook. He said his goal was to see if he "could make one blow". He unable to accomplish his goal because of different mechanisms in place on the battery hardware itself but he was able to get it to essentially stop working. A pretty cool proof of concept!
Getting one to blow up though is not too far fetched of an idea, however. The circuitry that protects the battery from exploding is probably accessible through the same mechanisms he used to disable it. Purely speculation here but he was probably a few lines of code away from getting to those protective mechanisms, exploiting them, and then having complete control over the battery in an unstable way, but was probably on a deadline to get his presentation out and figured disabling it was going to have to do for now.
So what does all this mean to the general public? Well, it means we should be thanking Mr. Miller for finding this exploit before someone malicious released it into the wild. Because of his efforts, this problem will probably be “fixed” relatively soon with a patch from Apple. I would imagine that a stream of devices will probably all be patched in the near future to prevent this type of attach from occurring including primarily phones and laptops, but think about the number of devices you use or know about that connect to the internet and have a battery: Amazon Kindle, Barnes and Noble Nook, high end alarm clocks, satellite radio, home security systems, cars with OnStar, etc.
While disabling a battery doesn’t really seem like much, think about the potential for a few minutes.
Let’s look a totally fictitious scenario for a moment: a major software company wants to drive sales of its latest operating system but it found that many people were still satisfied with the one from 10 years ago and have no real desire to upgrade. What to do, what to do? One way to get people to upgrade is to drive new hardware purchases, right? Ah ha! Release a “patch” for that 10 year old operating system that disables the battery of those older laptops! Then people will be forced to upgrade! Brilliant!
Is that all that can be done though? Not necessarily. Picture this more sinister scenario: a terrorist cell identifies the logic to disable the safety mechanism on the battery and actually get it to explode. This opens the potential to disable it on any similar battery. They also figure out how to trigger a remote code execution on your laptop, phone, OnStar, whatever and push this code out via text message, email, website popup, etc. Payload day comes and boom goes the dynamite! Millions of micro chemical explosions worldwide, disabled workers, crippled communications, highways littered with dead vehicles, etc, etc.
We could essentially all be carrying bombs with us that could literally be remotely detonated and explode at any time! Sounds pretty crazy, but it seems like almost every wireless device has a battery, and inside the battery is a combination of chemicals, and on the cover of every battery is a warning that says caution, explosive!
Probably VERY far fetched....... or is it?! You tell me! ;) Until next time, keep your electronics away from the women and children!
References:
http://www.cnn.com/2011/TECH/mobile/08/05/miller.apple.battery.hacks/index.html?hpt=hp_t2
http://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html
Oh, and for those that do not get the "Somebody set up us the bomb!" reference, see the classic worldwide phenomenon All Your Base Are Belong To Us.
Getting one to blow up though is not too far fetched of an idea, however. The circuitry that protects the battery from exploding is probably accessible through the same mechanisms he used to disable it. Purely speculation here but he was probably a few lines of code away from getting to those protective mechanisms, exploiting them, and then having complete control over the battery in an unstable way, but was probably on a deadline to get his presentation out and figured disabling it was going to have to do for now.
So what does all this mean to the general public? Well, it means we should be thanking Mr. Miller for finding this exploit before someone malicious released it into the wild. Because of his efforts, this problem will probably be “fixed” relatively soon with a patch from Apple. I would imagine that a stream of devices will probably all be patched in the near future to prevent this type of attach from occurring including primarily phones and laptops, but think about the number of devices you use or know about that connect to the internet and have a battery: Amazon Kindle, Barnes and Noble Nook, high end alarm clocks, satellite radio, home security systems, cars with OnStar, etc.
While disabling a battery doesn’t really seem like much, think about the potential for a few minutes.
Let’s look a totally fictitious scenario for a moment: a major software company wants to drive sales of its latest operating system but it found that many people were still satisfied with the one from 10 years ago and have no real desire to upgrade. What to do, what to do? One way to get people to upgrade is to drive new hardware purchases, right? Ah ha! Release a “patch” for that 10 year old operating system that disables the battery of those older laptops! Then people will be forced to upgrade! Brilliant!
Is that all that can be done though? Not necessarily. Picture this more sinister scenario: a terrorist cell identifies the logic to disable the safety mechanism on the battery and actually get it to explode. This opens the potential to disable it on any similar battery. They also figure out how to trigger a remote code execution on your laptop, phone, OnStar, whatever and push this code out via text message, email, website popup, etc. Payload day comes and boom goes the dynamite! Millions of micro chemical explosions worldwide, disabled workers, crippled communications, highways littered with dead vehicles, etc, etc.
We could essentially all be carrying bombs with us that could literally be remotely detonated and explode at any time! Sounds pretty crazy, but it seems like almost every wireless device has a battery, and inside the battery is a combination of chemicals, and on the cover of every battery is a warning that says caution, explosive!
Probably VERY far fetched....... or is it?! You tell me! ;) Until next time, keep your electronics away from the women and children!
References:
http://www.cnn.com/2011/TECH/mobile/08/05/miller.apple.battery.hacks/index.html?hpt=hp_t2
http://www.forbes.com/forbes/2010/0412/technology-apple-hackers-charlie-miller.html
Oh, and for those that do not get the "Somebody set up us the bomb!" reference, see the classic worldwide phenomenon All Your Base Are Belong To Us.
Thursday, August 4, 2011
FortiGate 200B - Central NAT Table causes potential performance issues
I just had the pleasure of dealing with a strange issue on a FortiGate 200B 4.0 MR3. The client was reporting slow internet browsing from their hosted offsite Citrix server (which is behind the FortiGate). They were able to connect to their Citrix server without any problems, run all of their applications at normal speeds, print, etc. just fine, but when you launched Internet Explorer from within the Citrix session, it would give sporadic results. Most pages were just very slow to come up, others would load only half of the page, and some would just load the title bar. I checked to make sure that it was not just the Citrix server but it was also happening from their Small Business Server, their Microsoft SQL server, and other line of business application servers in their environment, although the Citrix server seemed to be the worst.
I went over to SpeedTest.net to run a quick speed check and it failed. Yes, failed. I have seen some strange results from that site but I had never seen it actually say fail. I was able to get it to fail repeatedly from their environment but it worked everywhere else I tested from outside of their environment.
After looking over the rules on the firewall and looking at performance counters, my co-worker wanted me to try and change the outbound NAT policies on the FortiGate from "Use Central NAT Table" to "Use Dynamic IP Pool". Since then, the problem seems to have gone away and internet browsing speed has returned to normal. SpeedTest.com also now completes successfully from their environment.
I did a quick search on Fortinet’s website and on Google and have not found any similar issues being reported. I am going to have my "FortiExpert" (the co-worker that had me change to IP pools) review this and give me his analysis and submit it as a “FortiGlitch”. Luckily the client was just trying to use the Central NAT Table as a convenience so they did not have to enter each address that they wanted to translate in the policies.
Maybe this is why the Central NAT Table is disabled by default? Or maybe it was just a misconfiguration that half-way sort of worked. Either way, more research is required on this one.
I went over to SpeedTest.net to run a quick speed check and it failed. Yes, failed. I have seen some strange results from that site but I had never seen it actually say fail. I was able to get it to fail repeatedly from their environment but it worked everywhere else I tested from outside of their environment.
After looking over the rules on the firewall and looking at performance counters, my co-worker wanted me to try and change the outbound NAT policies on the FortiGate from "Use Central NAT Table" to "Use Dynamic IP Pool". Since then, the problem seems to have gone away and internet browsing speed has returned to normal. SpeedTest.com also now completes successfully from their environment.
I did a quick search on Fortinet’s website and on Google and have not found any similar issues being reported. I am going to have my "FortiExpert" (the co-worker that had me change to IP pools) review this and give me his analysis and submit it as a “FortiGlitch”. Luckily the client was just trying to use the Central NAT Table as a convenience so they did not have to enter each address that they wanted to translate in the policies.
Maybe this is why the Central NAT Table is disabled by default? Or maybe it was just a misconfiguration that half-way sort of worked. Either way, more research is required on this one.
Subscribe to:
Posts (Atom)