From the extraordinary Mike Hunsinger:
Today I learned something fascinating. You can run linux as a Windows Subsystem w/o using a vm or dual-boot. All you have to do is run PS as admin, execute this:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
reboot when prompted and then you can use the windows store to install just about any Linux distro you want.
This article describes folks running Linux GUI apps talking to Windows-native X Windows. Ponderworthy hasn’t tested this yet, but the following X server looks like a very worthy candidate:
sourceforge.net/projects/vcxsrv/
Get the portable version here:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html
- Unpack it
- Run Repair_Windows.exe as administrator
- Click “Jump to Repairs”
- Click “Open Repairs”
- Uncheck all of the fixes except “Repair Internet Explorer”
- Do it, and reboot.
Works very nicely.
A little amusement for the IPically inclined:
[jeb@jeb-pc ~]$ nslookup
> www.facebook.com
Server: 192.168.2.1
Address: 192.168.2.1#53
Non-authoritative answer:
www.facebook.com canonical name = star-mini.c10r.facebook.com.
Name: star-mini.c10r.facebook.com
Address: 157.240.19.35
Name: star-mini.c10r.facebook.com
Address: 2a03:2880:f134:83:face:b00c:0:25de
>
with the right router/firewall. I’ve had at least three different Netgears at home over years, all mid- or mid-high range in their consumer range at purchase. Every time, I tested using OEM up-to-date firmware, and tested with DD-WRT, many tweaks on both. DD-WRT gave a little improvement. On a little divine inspiration, I just did this:
- Took a ten-year-old quad-core Vista box with three gigs of RAM
- Put in a $40 quad Intel server NIC I bought from Amazon.com
- Installed pfSense and set it up in very default fashion, exceptions being use of 192.168.2.0/24 as LAN subnet, 192.168.2.1 as LAN IP. Not using the motherboard NIC, just two on the Intel card so far.
- Set my current DD-WRTed Netgear to do DHCP forwarding instead of serving, set it static to 192.168.2.2, left it otherwise alone
- Connected one LAN port of the Netgear to the LAN port I set up in pfSense
- Disconnected the WAN port of the Netgear, plugged Internet directly into the WAN port in pfSense
Suddenly WWW and Roku respond much faster, much less latency and jitter and other delay, and most unexpectedly, Internet download speed is much, much faster, even though the wifi is still running through the Netgear. And after a bit of performance tweaking, pings are lower, from 28ms down to 22 wired and 24 wireless.
Haven’t tried Squid proxying yet, or IPv6, but will be!
These items help a lot in any application, including desktop, web server, or terminal server. The end of this post has two large compilations of these settings, one for wired (“non-lossy”) networking, one for wireless (“lossy”).
On the vast majority of Linux distributions, one can just add these changes to /etc/sysctl.conf, and then run sysctl -p to apply them without reboot. However, recent additions to standards have enabled us to place custom settings in our own configuration files, so that we don’t take /etc/sysctl.conf out of distro control.
On recent Debian and Ubuntu, we may best put them in /etc/sysctl.d/60-custom.conf (or replace the word “custom” to your liking), and then run sysctl --system to load both /etc/sysctl.conf and everything under /etc/sysctl.d.
On some other recent distros, it’s /etc/sysctl.d/custom.conf (the word “custom” is still arbitrary), and then run systemctl restart systemd-sysctl.
You can check your results with sysctl -A.
The first selection is for wired networking performance:
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois
A bit different first group for networking performance, is recommendable for anything involving wireless, i.e., “lossy” networks:
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic
And then some general networking performance items:
net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1
And some for network security enhancement:
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
And now a few to keep virtual memory usage under good control:
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
And one to increase the maximum number of open and watched files, very helpful indeed for servers, file synchronization of all sorts, and many other functions:
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288
The above was compiled from these two excellent articles:
http://www.networkworld.com/article/2227856/opensource-subnet/best-networking-tweaks-for-linux.html
https://easyengine.io/tutorials/linux/sysctl-conf/
and other sources. Here is the whole set for wired (non-lossy) networking:
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois
pre. net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288
and another full set for wireless / lossy networking:
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic
pre. net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288
Here is the only complete method known to this writer:
https://www.powershellgallery.com/packages/VcRedist
Steps:
- You’ll need the PowerShell Gallery. Windows 10 and WMF 5.0 come with it.
- VcRedist is the tool. In administrative PowerShell (the -Force takes in any new updates):
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Install-Module -Name VcRedist -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList | Get-VcRedist -Path C:\VcRedist
Get-VcList | Install-VcRedist -Path C:\VcRedist
- And optionally last,
rmdir /s /q C:\VcRedist
The above installs all of the redistributables which Microsoft currently supports. Some older ones (going back to 2005 at this writing) can be had using this:
Get-VcList -Export All
instead of this:
Get-VcList
Remote Web Workplace. Certificates are verified AOK, and yet at the point of RDP, you receive a popup reading “Your computer can’t connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance.”
To fix this, you’ll need the Remote Desktop Gateway Manager. If you have it, it’s in Start, Administrative Tools, Remote Desktop Services. If you don’t have it, install it:
dism /online /Enable-Feature:Gateway-UI
Then:
- Open the RDGM.
- Right-click the server object, open properties.
- Open the SSL Certificate tab.
- Click Import Certificate.
- Choose the correct certificate — it’s the Exchange list, if this is SBS — and click OK.
