Run Linux on Windows 10
article #1175, updated 1 day ago

From the extraordinary Mike Hunsinger:

Today I learned something fascinating. You can run linux as a Windows Subsystem w/o using a vm or dual-boot. All you have to do is run PS as admin, execute this:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

reboot when prompted and then you can use the windows store to install just about any Linux distro you want.

This article describes folks running Linux GUI apps talking to Windows-native X Windows. Ponderworthy hasn’t tested this yet, but the following X server looks like a very worthy candidate:

sourceforge.net/projects/vcxsrv/

Categories:   Windows OS-Level Issues   Linux OS-level Issues

==============

DNSBL Sources
article #1174, updated 2 days ago

A number of Internet tools use DNSBLs (DNS blacklists) and retrieve them by HTTP/HTTPS. Here are a number of good resources for this.

www.reddit.com/r/PFSENSE/comments/7s3ug9/pfblockerng_recommended_lists/

forum.it-monkey.net/index.php?topic=17.0

supratim-sanyal.blogspot.com/2017/04/pfsense-pfblockerng-ultimate-list-of-ip.html

Categories:   Internet Networking   Security

==============

Internet connection speed tests
article #182, updated 7 days ago

A really good one:

https://testmy.net/SmarTest/combinedAuto

and another:

https://sourceforge.net/speedtest/

Here’s the first one we saw which was HTML5 only, no Flash or Java:

http://www.bandwidthplace.com

Here’s a commonly used one which requires Flash:

http://www.speedtest.net

And another which uses java:

http://www.speakeasy.net/speedtest/

Categories:   Internet Networking   LAN Networking

==============

When Internet Explorer crashes and nothing else works
article #1172, updated 7 days ago

Get the portable version here:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

  1. Unpack it
  2. Run Repair_Windows.exe as administrator
  3. Click “Jump to Repairs”
  4. Click “Open Repairs”
  5. Uncheck all of the fixes except “Repair Internet Explorer”
  6. Do it, and reboot.

Works very nicely.

Categories:   Windows OS-Level Issues   

==============

Anyone catch Facebook's IPv6?
article #1171, updated 12 days ago

A little amusement for the IPically inclined:

[jeb@jeb-pc ~]$ nslookup
> www.facebook.com
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
www.facebook.com	canonical name = star-mini.c10r.facebook.com.
Name:	star-mini.c10r.facebook.com
Address: 157.240.19.35
Name:	star-mini.c10r.facebook.com
Address: 2a03:2880:f134:83:face:b00c:0:25de
> 

Categories:   Funny   

==============

Improve Internet and wireless speed tremendously
article #1170, updated 12 days ago

with the right router/firewall. I’ve had at least three different Netgears at home over years, all mid- or mid-high range in their consumer range at purchase. Every time, I tested using OEM up-to-date firmware, and tested with DD-WRT, many tweaks on both. DD-WRT gave a little improvement. On a little divine inspiration, I just did this:

  • Took a ten-year-old quad-core Vista box with three gigs of RAM
  • Put in a $40 quad Intel server NIC I bought from Amazon.com
  • Installed pfSense and set it up in very default fashion, exceptions being use of 192.168.2.0/24 as LAN subnet, 192.168.2.1 as LAN IP. Not using the motherboard NIC, just two on the Intel card so far.
  • Set my current DD-WRTed Netgear to do DHCP forwarding instead of serving, set it static to 192.168.2.2, left it otherwise alone
  • Connected one LAN port of the Netgear to the LAN port I set up in pfSense
  • Disconnected the WAN port of the Netgear, plugged Internet directly into the WAN port in pfSense

Suddenly WWW and Roku respond much faster, much less latency and jitter and other delay, and most unexpectedly, Internet download speed is much, much faster, even though the wifi is still running through the Netgear. And after a bit of performance tweaking, pings are lower, from 28ms down to 22 wired and 24 wireless.

Haven’t tried Squid proxying yet, or IPv6, but will be!

Categories:   Performance   Router/Firewall Configuration

==============

Linux Speed, Responsiveness, and Latency Reduction with 'sysctl' Settings
article #892, updated 12 days ago

These items help a lot in any application, including desktop, web server, or terminal server. The end of this post has two large compilations of these settings, one for wired (“non-lossy”) networking, one for wireless (“lossy”).

On the vast majority of Linux distributions, one can just add these changes to /etc/sysctl.conf, and then run sysctl -p to apply them without reboot. However, recent additions to standards have enabled us to place custom settings in our own configuration files, so that we don’t take /etc/sysctl.conf out of distro control.

On recent Debian and Ubuntu, we may best put them in /etc/sysctl.d/60-custom.conf (or replace the word “custom” to your liking), and then run sysctl --system to load both /etc/sysctl.conf and everything under /etc/sysctl.d.

On some other recent distros, it’s /etc/sysctl.d/custom.conf (the word “custom” is still arbitrary), and then run systemctl restart systemd-sysctl.

You can check your results with sysctl -A.

The first selection is for wired networking performance:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois

A bit different first group for networking performance, is recommendable for anything involving wireless, i.e., “lossy” networks:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic

And then some general networking performance items:

net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1

And some for network security enhancement:

net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_local_port_range = 2000 65535
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

And now a few to keep virtual memory usage under good control:

vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

And one to increase the maximum number of open and watched files, very helpful indeed for servers, file synchronization of all sorts, and many other functions:

fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

The above was compiled from these two excellent articles:

http://www.networkworld.com/article/2227856/opensource-subnet/best-networking-tweaks-for-linux.html
https://easyengine.io/tutorials/linux/sysctl-conf/

and other sources. Here is the whole set for wired (non-lossy) networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control=illinois
pre. net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

and another full set for wireless / lossy networking:

net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc=0
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_allowed_congestion_control = hybla cubic
pre. net.core.rmem_default = 31457280
net.core.rmem_max = 12582912
net.core.wmem_default = 31457280
net.core.wmem_max = 12582912
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65536
net.core.optmem_max = 25165824
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.ipv4.udp_mem = 8388608 8388608 8388608
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.route.flush=1
vm.swappiness=20
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
fs.file-max = 2097152
fs.inotify.max_user_watches = 524288

Categories:   Performance   Linux OS-level Issues

==============

Migrate Windows file shares between servers, with permissions
article #1168, updated 14 days ago

Good article, sent by the remarkable Zach Hogan:

https://sysblogging.com/2015/12/29/how-to-migrate-windows-file-server-shares-with-ntfs-permissions/

Categories:   Servers   

==============

Install All Microsoft Redistributable VC++ Runtimes
article #643, updated 18 days ago

Here is the only complete method known to this writer:

https://www.powershellgallery.com/packages/VcRedist

Steps:

  1. You’ll need the PowerShell Gallery. Windows 10 and WMF 5.0 come with it.
  1. VcRedist is the tool. In administrative PowerShell (the -Force takes in any new updates):
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Install-Module -Name VcRedist -Force
Import-Module -Name VcRedist
New-Item C:\VcRedist -ItemType Directory
Get-VcList | Get-VcRedist -Path C:\VcRedist
Get-VcList | Install-VcRedist -Path C:\VcRedist
  1. And optionally last,
rmdir /s /q C:\VcRedist

The above installs all of the redistributables which Microsoft currently supports. Some older ones (going back to 2005 at this writing) can be had using this:

Get-VcList -Export All

instead of this:

Get-VcList

Categories:   Windows OS-Level Issues   Windows Installer and Updates

==============

RWW failure due to certificate issue
article #1167, updated 28 days ago

Remote Web Workplace. Certificates are verified AOK, and yet at the point of RDP, you receive a popup reading “Your computer can’t connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance.”

To fix this, you’ll need the Remote Desktop Gateway Manager. If you have it, it’s in Start, Administrative Tools, Remote Desktop Services. If you don’t have it, install it:

dism /online /Enable-Feature:Gateway-UI

Then:

  1. Open the RDGM.
  2. Right-click the server object, open properties.
  3. Open the SSL Certificate tab.
  4. Click Import Certificate.
  5. Choose the correct certificate — it’s the Exchange list, if this is SBS — and click OK.

Categories:   Certificates   Remote Access