Alex Scoble's IT Notes - An Information Technology Blog

Networking for OpenStack

Alex — Fri, 03 May 2013 15:54:58 -0700

When using Mirantis Fuel Web to build up an OpenStack cloud, it requires 6 separate networks to be created. Simplest way to do this is by using virtual networks (VLANs), however this presents a few challenges because of the complexities of configuring VLANs.

This post is specific to Cisco switches, but may be relevant for other networking equipment as well.

For test purposes, this was all done on one switch and each bare metal server had one interface cabled to the switch. In production environments, it is likely that, at a minimum, a completely separate storage network would also exist, but more complicated networking schemes are quite possible.

For each port on the switch that will be connected to one of the bare metal servers, the following needs to be done:

switchport mode trunk
switchport trunk allowed vlan 10,100-104
switchport trunk native vlan 10
spanning-tree portfast trunk
switchport nonegotiate

Trunking mode must be used because each interface needs to be able to handle all 6 of the virtual networks. In the normal access mode, an interface can only communicate over a single VLAN.

For each interface, it's a good practice to specify which vlans it is allowed to handle.

Trunk native tells the switch that untagged traffic goes over this vlan. VLAN tags are the mechanism that allows a network interface to communicate over multiple discrete subnets. So in this case, only traffic going over vlans 100 through 104 will be tagged.

Spanning-tree portfast trunk tells the switch that this port is a trunk connected to a server or PC and to bypass the usual network loop checks.

Switchport nonegotiate forces the switch to treat this interface as a trunk because the connected device does not understand the protocol the switch uses to negotiate trunking vs access modes.

In the switch config the VLANs also need to be activated using:

vlan10,100,101,102,103,104

For those who normally work with vlans in switchport access mode, the switch automatically does this, but apparently, when working with trunks, adding a vlan to a port does not automatically create and enable that vlan.

I am not a networking expert so some particulars here may have been missed, but I hope this is helpful.

Microsoft Camera Codec Pack

Alex — Sat, 02 Mar 2013 12:10:35 -0800

If you are a digital photographer that takes most of their pics in RAW format like I do and you do most or all of your photo editing on a Windows system, you simply must get the Microsoft Camera Codec Pack.

It enables Windows users the ability to view their RAW pictures as thumbnails when in Windows Explorer, which is super helpful when trying to move pictures between folders or choose which ones to move to your hard drive from the flash stick.

Sadly, GIMP 2 does not use this functionality.

Uninstall Windows Live Essentials using command line on Windows 7

Alex — Sat, 02 Mar 2013 09:48:00 -0800

As you may or may not know, Microsoft is discontinuing support for their MSN Messenger/Live Messenger service in favor of Skype soon.

Since Live Messenger is no longer needed on my system and this is part of Live Essentials, I tried to uninstall Live Essentials using the uninstall option of Programs and Features.

This repeatedly failed with error code 0x8007064c.

I did some searching and found this page which supplied the following solution:

Below are the steps on how to uninstall Windows Live Essentials via CMD line parameter.

a. Go to Start->All Programs->Accessories
b. Right click on Command Prompt and select Run as Administrator
c. Run the following commands to uninstall Windows Live Essentials:
· (64 bit) "c:\program files (x86)\windows live\installer\wlarp.exe" /cleanup:all /q
· (32 bit) "c:\program files\windows live\installer\wlarp.exe" /cleanup:all /q
d. A dialog box shows status until uninstallation has completed
Note: The uninstaller for Windows Live Essentials 2011 can also be downloaded fromhttp://g.live.com/1rewlive4arp/wlarp.exe if the local copy is corrupted.

The command worked successfully.

To run scheduled scans or not

Alex — Tue, 26 Feb 2013 13:38:40 -0800

Is it still necessary to do weekly scheduled antimalware scans these days in addition to real-time scans?

It just seems like more and more that antimalware software is used to meet compliance obligations and not as a real security layer. I say this because as we see in breach after breach reported in the news that antimalware software effectively offers little in the way of real protection against modern malware threats these days.

Some people might say that you leave an enterprise appreciably open to infection by not running scheduled scans along with real-time scans, but is this true? By some reports, antimalware software can only detect about 60-70% of all known infectuous software, regardless of scan type.

So the question is, if something is only 60-70% effective today against malware, how is performing a scheduled scan going to help you? Once a box is infected despite real-time scanning protections, the malware is very likely to hide itself from the antimalware or disable the antimalware software altogether.

In my mind, it just seems like best practice is to use either real-time scanning or scheduled scans, but not both. Use real-time scanning on systems where performance isn't a critical issue and use scheduled scans on systems that require every bit of computing power.

What do you think?

How best to tell users that their systems are part of a botnet

Alex — Fri, 22 Feb 2013 11:48:19 -0800

This article is pretty interesting http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/240149075/how-best-to-break-the-news-to-users-that-they-re-a-bot.html Talks about the most effective methods ISPs used to notify customers that their computers were part of a botnet.

One takeaway is that both Windows AND Mac computers became part of the botnet, so that should dispel the myth that Macs do not get infected with malware.

Microsoft's "Innovative" New UI

Alex — Wed, 20 Feb 2013 19:09:44 -0800

I'm not a big fan of Microsoft's new UI that they created for WinMo 7 and Windows 8. It feels unfinished and unpolished like a cheap piece of IKEA furniture. I never thought that any developers would find it innovative enough to copy it, but that's exactly what the devs at Slacker did for their new UI. In terms of usability, the UI is good, but the blue squares thing just doesn't look good at all when compared to stuff like Android or iOS.

Scandal Is Great TV

Alex — Tue, 19 Feb 2013 21:12:16 -0800

Rarely in my life have I experience television as good as Scandal. It just keeps getting better. Each moment somehow tops those that came before. The people who create this show are truly at the top of their game.

Trader Joe's Roasted Coconut Chips

Alex — Tue, 19 Feb 2013 21:08:19 -0800

Trader Joe's Roasted Coconut Chips are ridiculously tasty.

Vitamix = Health

Alex — Sun, 17 Feb 2013 12:35:33 -0800

Since we got our Vitamix in September of 2012, I have eaten more fruits and veggies than in the last previous ten years combined (if not more). It is quite literally the most used appliance, after the fridge, in our house.

I'm a guest on Tech Webcast episode 226

Alex — Fri, 15 Feb 2013 22:12:36 -0800

I was a guest tonight on Tech Webcast. An hour long tech show done by a bunch of people, some in Australia and some in the US.

Check it out although don't expect me to sound all that great. Not exactly the best public speaker.