Archive

Archives for the category ‘Général @en’

For Trend Micro the Internet is full of spammers …

We have recently been having more and more problems when sending e-mail to users who have a Trend Micro product installed, especially one with an RBL service.

The error you can see is more or less this one :

<recipient@domain.com>: host mail.domain.com[xx.xx.xx.xx] refused to talk to me: 550 Service unavailable; Client host [your.ip] blocked using Trend
Micro RBL+.Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=your.ip

This is a rather « usual » RBL reject message and we are using similar techniques but with a major difference : we carefully choose the lists according to the weighted false positive/spam ratio !

We asked Trend Micro to remove many, many addresses that were in fact all listed on their DUL list (which, by its name, should only list dynamic IP addresses). They simply listed a major part of the Internet in this list, waiting for ISPs themselves to take the time to ask Trend Micro to remove the IP ranges.

It makes me laugh a lot since ISPs do not care at all about one severely flawed service provider and it’s not their business to spend time doing this ; they have much more important things to do on the networks…

Trend Micro administrators seem to not be able to simply read a WHOIS record, we showed them many that clearly stated « static pool » or « statically allocated PA » but they were not able to understand (a 4 year-old English reading kid would do better …)

My conclusion is very simple : do not use Trend Micro products at all ! Their RBLs are completely flawed with false positives (so they remain useless) and since their technical team doesn’t want to check « manually » when we gently ask for removal, you should avoid anything they do ! (Actually, to me, this kind of refusal to do something that is their business shows clearly how they respect their customers and manage their services …)

And even if some major companies seem to still use their products, you’ll see very soon that either Trend Micro will handle requests correctly and politely or otherwise they will not sell any of their RBL/DUL/RBL+ embedded products anymore. If you are one of their customers, you should contact them about this problem to show your interest in being able to receive legitimate e-mails …
By the way, for administrators paying only for access to their RBL+ service you really should try other free and more efficient RBLs, like zen.spamhaus.org. This one is much much better !
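
For a sending-side administrator, the first step is to see which lists are rejecting which of your IPs. The following is an added example, not part of the original post: it parses rejections in the format quoted above, counts them per blocking list, and builds the DNSBL query name (reversed address plus zone) for each affected IP against zen.spamhaus.org. The function names and the sample bounces are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Format of the rejection quoted above; some servers end the list name with ";".
REJECT_RE = re.compile(
    r"<(?P<rcpt>[^>]+)>: host (?P<host>[^\[\s]+)\[[^\]]*\] .*?"
    r"Client host \[(?P<client>[^\]]+)\] blocked using "
    r"(?P<rbl>.+?)(?:\.\s*Please see|;|$)",
    re.S,
)

def parse_rejection(text):
    """Return recipient, remote host, our client IP and the list that blocked it."""
    m = REJECT_RE.search(text)
    if not m:
        return None
    d = m.groupdict()
    d["rbl"] = " ".join(d["rbl"].split())  # undo line wrapping inside the bounce
    return d

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Name to resolve to test `ip` against a DNSBL zone (reversed address + zone)."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return reverse.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa

def summarise(bounces):
    """Count rejections per blocking list and map each rejected IP to its query name."""
    per_list, clients = Counter(), set()
    for bounce in bounces:
        r = parse_rejection(bounce)
        if r:
            per_list[r["rbl"]] += 1
            clients.add(r["client"])
    return per_list, {c: dnsbl_query_name(c) for c in sorted(clients)}

# Constructed sample bounces (documentation addresses, not real hosts).
SAMPLE = [
    "<user@example.com>: host mail.example.com[198.51.100.7] refused to talk to me: "
    "550 Service unavailable; Client host [192.0.2.10] blocked using Trend\n"
    "Micro RBL+.Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=192.0.2.10",
    "<bob@example.net>: host mx.example.net[198.51.100.9] said: 554 5.7.1 Service "
    "unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; see list page",
]

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Resolving a generated name returns a 127.0.0.x address when the IP is listed and NXDOMAIN when it is not.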

To virtualize or not to virtualize …

02/06/2010

Seeing everyone go crazy about virtualization in recent years, especially in the last few months, I am, from my « technician » point of view, completely amazed by the fundamental nonsense everyone puts into this.

Major companies are virtualizing almost all their servers and even smaller companies ask us now to help them virtualize their IT infrastructure.

I must admit that, even though I use virtualized machines every day and have been quite well informed on this matter for some years, I still cannot understand the actual buzz about it.

Hey guys, it’s a technology, nothing more, nothing less !

As with any technology, especially a new one, we must provide use cases, pros and cons, and balance the usage we make out of it.

In magazines and some self-called « specialized » IT shows or blogs, everyone seems crazy with virtualization, being the remedy of all IT problems. Remember the green powder from IBM ? It seems to have come true !

More seriously, what is virtualization, really ? Only a means to abstract the hardware part of a computer (especially a server) and run a complete OS on top of it (or many OSes nowadays). It involves very complex and yet insecure mechanisms to achieve this goal and consumes a lot of computing power, even when hardware accelerated, to get everything running « almost fine ».

But the main reasons I decided to write this article were :

  • a so-called « IT Magazine » (in France we have many that spit completely useless assumptions about what an IT infrastructure should be and do us a disservice rather than anything else) that was claiming the new trend to be « desktop virtualization », what nonsense ! (I will explain later) Everything « virtualized » seems to make them sell better, what a mess …
  • seeing many companies, even customers, trying to virtualize services on many instances of the same OS (in this case Linux !) on underpowered machines and getting catastrophic results, so low that they had to go back completely to « traditional » hardware powered single OS per machine.

People should think before they do, we always say that, but in this case it does apply very well.

Of course, you get less power by virtualizing many instances of the same OS rather than executing this OS only once ! Usually the performance loss is not negligible even if acceptable. Virtualizing many Linux instances on a Linux host is a complete mess for me. This particular OS has great abilities to isolate (chroot) environments, make safe protections and even live audit the running kernel to enforce policies on processes and filesystems. It’s technically completely useless to run many Linux instances on a Linux host !

But when thinking about it, the main problem with this approach is that we are transferring the complexities of managing correctly, with care, good knowledge and intelligent conception and communication between the developing team and the production team, to products that are much more complex but promise to be really easy to manage…

It appears as if most IT teams have much lowered their expectations for the team members and are trying to compensate with technologies to try hiding the fact that their members don’t exactly understand well what happens for example on a Linux kernel…

Don’t misunderstand me, I am a great fan of virtualization, we use it, on purpose, for tasks or applications that really need it. In fact it’s proven to be very useful to test OS configurations, start and stop (and restart) machines for OS or network tests very quickly, host a different OS for specific purposes, or even virtualize customers’ parts of infrastructure to make a test environment in almost the same conditions.

Hardware has never been cheaper and more powerful, 8 to 12 core processors are emerging at affordable prices on the market now, why not simply buy a computer (server) each time you need a different OS instance ? Even data-centers now use very small servers to be space efficient, but still use a full computer to host OS and services. If you saw news about the « SheevaPlug », you have seen an impressive computer with an exceptional size/power/consumption ratio. Having less hardware won’t even cost you fewer licenses ! (for those who still use inferior OSes with expensive license fees, even when not needed…)

Virtualizing the desktop part of an IT infrastructure is even funnier. I first thought it was a joke ! In fact it seems we’re coming back to the terminal paradigm. IT managers don’t want to spend time on making useful, adapted and efficient configurations and manage hardware differences, they want everything to be uniform, uniformly accessible … Why don’t you even ask people to be all the same : same sex, same color, and so on ? Terminals have always used the least efficient denominator of network and servers capabilities, because as always, if you still have low end old machines, everyone else should be compatible with them (complete waste of resources…)

Anyway, I know you readers are not going to stop virtualizing everything (why not virtualize the OS on your Phone then ?) but please, please, pay more attention to what really needs virtualization (and brings real and important benefits) and what should continue to work on always cheaper, smaller, and power-efficient hardware.

I didn’t write about the risks, that are obviously much more important with less servers doing more « work » since I didn’t want this article to be even longer, you can easily conclude about what I think of this, especially when a strong demand goes now about being more redundant, more secure, and more fail-safe…  « Don’t put all your eggs in the same basket » says the idiom, even in French !

Layer break for DVD+R DL with growisofs / dvd+rw-tools

I’ve started recently to play around with DVD+R DL because they start becoming cheaper and some applications really need them 🙂

I was very surprised that the current version of growisofs / dvd+rw-tools (7.1) advertises layer break position setting support but in reality I couldn’t get it to break where I want.

Looking at the code (especially from growisofs_mmc.cpp) I found it very strange that the « -use-the-force-luke=break:NNNN » option wasn’t really used either in calculations or cuesheet sending.

Investigating a little bit more in the code I produced the following patch that I have sent upstream to get it included somehow in the next version.

It allows a user (who should be careful of what it does 🙂 ) to manually force a layer break position for DVD+R DL burning. (For those of you who haven’t had this problem yet please notice that : DVD-R DL (minus) DO NOT allow layer position to be changed, that said you should know what to do … only DVD+R DL (plus) allow that)

For this patch to work you have to specify « -dvd-compat » on the command line, otherwise the cuesheet sending code is not called (I didn’t understand exactly why…) and the layer break wouldn’t be set …

In any case the output of growisofs command should tell you where the layer break is going to be set.

I’ve tested it successfully for a dozen DL burns with or without layer break so it should be safe enough (the patch is not very intrusive anyway ; I also tested without the option to see if the normal behavior was preserved…)

Use it this way :

growisofs -dvd-compat [your other options here] -use-the-force-luke=break:XXXX [where XXXX is the layer break in sectors] -Z /dev/[your device]=[image.iso]

for example 🙂 :

growisofs -dvd-compat -use-the-force-luke=break:2084960 -use-the-force-luke=dao -Z /dev/sr0=/home/johndoe/m.iso

note the dao option usage that will close the session, otherwise the disc would remain « open » if it’s not full and depending on what you burn you’d really want to close the session trust me 🙂

Have a happy dual layer burning with positioned break !

Attachment : dvd+rw-tools-7.1-layerbreaksetup.patch

Note: use a command similar to this one to apply the patch (change to -p 1 depending on where you are) :

patch -p 0 < dvdrw-tools-7.1-layerbreaksetup.patch

Getting rid of Computrace on Dell Inspiron mini 10v (Inspiron 1011)

Today I just received my very small and not so shiny Dell Inspiron mini 10v (1011 model). I will possibly make a review later if there is enough popular demand 🙂

Playing with the BIOS I activated « Computrace » to see what it means, thinking that it was some sort of TPM module. What a mess !! I didn’t pay attention at all that this setting could not be changed later… or could it ? 🙂

Do the following at your own risk of course …

I grabbed a bootdisk (floppy image) with Dell utilities on it (especially ASSET.COM and EE-VALUE.EXE)

(Google is your friend, don’t even try to ask about any non-opensource download here…)

After some fight with those utilities I finally found how to change Service Tag and Asset Tag from my small laptop. I read posts on different forums that it should be enough to reset Computrace but it wasn’t …

So to change Service Tag use

ASSET /S /D (to delete and set it up again in the BIOS menu) or

ASSET /S NEWTAG

Depending on asset version it should work flawlessly, I tried ASSET_A209.EXE and it didn’t work for me (an old version did)

Use similar commands without /S to change Asset Tag.

But the trickiest part was to deactivate the damn Computrace module in BIOS.

This time we would use EE-VALUE, which allows setting a value directly in the BIOS NVRAM (not sure about CMOS or NVRAM but anyway…) and looking at different values I finally found (using EE-VALUE /D to display contents) that there was a strange value at offset 0x50.

Using

EE-VALUE /W=50,FF

will reset it to default and then you will be able to select or disable it again.

If you have any doubt or if you have a different laptop check first with

EE-VALUE /D

and try to find any « 03 » (activated) or strange value around 0x50.

Very strong protection from Absolute Software guys ! It takes seconds to remove once your laptop has been stolen, very efficient …

I had this error for a long time before discovering I could do it directly with EE-VALUE so I put it here for indexing purposes :

SVCTAG.EXE version 3.3

I told you what I am. But what are you?

EE-CPB.exe: Error 0

Now, then, I’m going back to my fresh Slackware 13.0 install again. Thanks for reading and I hope this will help people with Dell laptops to manage their « Computrace » settings like they want.

SIP Fax detection with Asterisk 1.6.2.0

Here it goes again, still the same problems for detecting voice based fax calls on Asterisk 1.6.

I know that « we should use T38 » or « get a decent SIP provider » are all along the way but hey! I’m using Free with its freephonie service in France and we’re even getting multiple ADSL connections (from different companies that are in the same building) and bridged them together to an Asterisk server.

It’s very handy, we get SIP trunking for a very small fee : free 🙂 but in fact it’s in a whole package for 30€ per month : ADSL2+, Free telephony, HD TV (tax included)

So, I wanted to post about the recent « patch » I prepared after upgrading to Asterisk 1.6.2.0-beta2.

Why upgrade to a beta version ? Simple, since there was advertised Fax detection support for T38 (which should work, I didn’t test since I don’t have a decent provider with T38 support 😉 ).

Looking at the chan_sip.c code I figured out it was very easy to tweak the fax detection code to also do detection on SIP audio channels, but … I was plain wrong ! In fact it could have worked but it’s much more difficult than it seems. To make a long story short, I looked more deeply at the NV Faxdetect applications (from Justin Newman) and in fact they use an approach similar to the one I finally arrived at : use Asterisk DSP to actually do the detection and then branch in the dialplan to the « fax » extension (code already done in 1.6.2 for T38 only).

Removing specific T38 tests I almost got through after spending 3 hours to finally get to a point that was very near NV Faxdetect : I first had to switch to slinear before using DSP (or it wouldn’t detect faxes at all, if someone knows why please tell me 🙂 ) and then switch back to alaw or ulaw (what came first) to get the call through.
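
The approach above depends on a DSP stage finding a fax tone in linear audio. As an added illustration (not Asterisk's or NV Faxdetect's code), this sketch detects the 1100 Hz fax calling tone (CNG) in 16-bit linear samples at 8 kHz with a Goertzel filter; the threshold, block size and function names are assumptions chosen for the example.

```python
import math

SAMPLE_RATE = 8000   # narrowband telephony rate of the linear (slinear) audio
CNG_HZ = 1100.0      # fax calling tone (CNG) frequency

def goertzel_power(samples, freq_hz, rate=SAMPLE_RATE):
    """Squared magnitude of a single frequency component (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / rate)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def is_cng(samples, threshold=0.8):
    """True when most of the block's energy sits at 1100 Hz.

    The samples must be linear PCM: the arithmetic assumes sample values are
    proportional to amplitude, which is not true of raw alaw/ulaw code bytes.
    """
    total = sum(x * x for x in samples)
    if total == 0:
        return False  # silence
    # For a pure tone of N samples the bin power is about total * N / 2,
    # so this ratio approaches 1.0 for CNG and 0.0 for unrelated audio.
    ratio = 2.0 * goertzel_power(samples, CNG_HZ) / (total * len(samples))
    return ratio >= threshold

def tone(freqs, n=800, amplitude=8000):
    """Constructed test signal: sum of sines as 16-bit linear samples (100 ms)."""
    return [
        int(sum(amplitude * math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f in freqs))
        for i in range(n)
    ]

if __name__ == "__main__":
    print("CNG block:", is_cng(tone([1100])))
    print("voice-like block:", is_cng(tone([300, 700, 1100])))
```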

Seeing that I needed to patch chan_sip.c a lot with very dirty hacks I finally decided to go back to app_nv_faxdetect.c and app_nv_backgrounddetect.c and simply patch them (with very little effort surprisingly) and got them to work perfectly with Asterisk 1.6.2.0-beta2 (the patch should certainly apply to later 1.6.2.x versions relatively cleanly, just make sure to apply it on vanilla sources *before* ./configure and make menuselect ; issue a make distclean if you didn’t)

I remembered I used to leave some mails to Justin, asking me to wait for a new version to come out and many people on http://www.voip-info.org seemed to have tried to patch it (or at least asked to) and no one managed to get a working version for 1.6.x.

Here it goes, but I’m very surprised I had to change very little portions of code (nothing really important, only definition and variable name changes) and everything has been working very well here for more than 2 weeks, with more than a dozen faxes correctly detected.

If you need to, leave me a comment since I started to test at home (yes I also have an Asterisk box at home 😉 ) and I patched a version for Asterisk 1.6.1.0 that compiled and worked flawlessly.

Be sure to grab the patch attached here and enjoy your fax detection on voice part of SIP channels 🙂

asterisk-1620-beta2-faxdetect.diff

See you for other Asterisk weirdnesses, I have some more to post !!