Geek Tidbits

Only 3 weeks to one of the biggest holidays of the year. If you’re like me, you probably haven’t started shopping for friends and relatives yet. So what to get those techy people? Here are some things that I came across that might just do the trick.

Geeky Wrapping Paper. Can’t figure a gift for that geek on your list? No matter, buy them a tie and wrap it in your choice of Binary, Emoticons and 4 other sharp papers!

The Ratcheting Hex Key Wrench. I like tools. I hate hex keys. This looks easier. There ya go.

The Wi-Fi Smart Rabbit. Looks silly, but this rabbit won’t multiply. Instead, it will monitor your RSS feeds and read your email aloud.

Need a managed dedicated server? Give us a look. (ED NOTE: Shameless plug)

Back Up Pal. This is a clever device that backs up your cell phone data. This accessory will backup and transfer phone numbers and contact information between multiple phones. So no worries next time you leave your Crackberry in your pants and send it through the wash.

Solar Powered Bag. Make that geek look chic and get them environmentally minded at the same time.

The 20 Questions Ball. So you are waiting for a kernel to compile. Wanna mess with your head? Grab the ball and play 20 Questions.

Floppy Disk CD-R’s. Little bit of a nostalgia trip. Guess ya have to store the CD’s in something.

Mimobots. Need a USB drive for that Star Wars fan. Look no further.

And what is yours truly looking for underneath the tree this year? Well, I’m known to be hard to buy for, but this caught my eye. I’m hoping it plays the theme to Match Game ’75.

Happy Gift Hunting!

The title was enough to get you to click, wasn't it. Yeah, I got one. Here's my .02......

So I bought the iPhone a few weeks ago. After rigorous testing (yeah, right), this is what I think of it.

1) Its pretty. Goofy thing to say, I know. But ya have to say the phone is a looker.

2) I can't read a .pdf without a magnifying glass. You'd think that if I could expand Safari to allow me to see web pages better, Apple would employ the same technology to allow me to enlarge an attachment.

3) No 3G. That really sucks. WiFi is nice, but damn..gimme some kinda speedier network. I'm not Bill Slowsky for cryin out loud.

4) I like the idea of my iPod and my phone being one. But I was forced to remove a lot of music from my library. It probably needed to be pruned anyway. But 8GB..yuk.

5) The touch screen is very cool. Gotta give props where props are due.

6) Don't make me buy an adapter for my old headphones. That's weak.

So I could regurgitate all the opinions, both pro and con. In the end, it works for me cause I got rid of my Crackberry and I can't sync to my Exchange server, so I can't get emails late at night. My wifey likes that feature best of all. Me on the other hand...I may be in email rehab soon.

The Internet is a dangerous place. Exploits are constantly being identified (keeping your services updated?), one of which stimulated the world to close its nameservers. The security concern I'm referring to has been around for quite some time, yet it continues to be a problem. We get a ticket maybe once a week or so regarding open dns servers, so I figured I'd break it down for everyone.

What's an open DNS server? Glad you asked. It's simple, really. Most nameservers host the DNS records for a few domains. These nameservers are authoritative for those domains, and should respond to DNS lookups for those domains. However, if a nameserver receives a request for some other domain (one for which the nameserver is not authoritative), then it will forward the request on to the authoritative nameserver, and pass along the answer when the response comes back. This behaviour is referred to as a recursive lookup, and this is what we're trying to prevent. Servers that will perform recursive queries for anyone who asks are open DNS servers.

The attack:
Why are open DNS servers bad? Open DNS servers are the primary ingredient in a DDoS (Distributed Denial of Service) attack referred to as DNS Amplification The attack, like most DDoS attacks, is a complicated mess of servers all working together toward the ultimate demise of an unfortunate third party. Basically, the attacker(s) craft a DNS request and send this off to any number of open DNS servers. The meat of the attack is in how this request is made. In fact, the request itself is so important that it merits its own paragraph.

One thing to understand about DNS responses is that they actually contain the original request. This means that if the attacker spoofs his own IP and puts a bunch of garbage in the request, he can ultimately get the open DNS servers to send an arbitrary amount of junk to any given server. That's basically how the attack works. The request is modified so it looks like it came from an arbitrary server (the target). Also, a bunch of useless junk is added to the request, just to make it large. The request is then sent to open DNS servers, which proceed to answer the request and respond to the target, because it looks like the target made the request. At that point all the open DNS servers start bombing the target with these large responses that end up getting fragmented, and the attack manifests itself as a full-blown DDoS.

The defense:
The interesting thing about this vulnerability is that it doesn't necessarily harm the servers that are vulnerable. The open DNS servers themselves are just tools used to attack a third party. Still, I encourage everyone to close their nameservers. Do unto others, no? So how do you know if your nameserver is vulnerable? The easiest way is probably to do a test on dnsreport.com. Dnsreport also provides a quick-reference sheet for closing your nameservers The guide is a little vague, but contains most of the info you need. Naturally, if any FastServers customers have questions, all of the techs are happy to provide assistance.

There's one caveat that I've glossed over. If every nameserver worldwide is refusing to perform recursive queries, then how will you ever resolve arbitrary domains? For example, if you want to resolve google.com without performing a recursive query, won't you have to ask the authoritative nameserver for the domain google.com? The same goes for yahoo.com, fastservers.net, starwars.com, etc. The solution to this problem is to allow recursive queries, but only for particular subnets. Your ISP probably gave you a list of DNS servers to use as resolvers for your PC. These resolvers are nameservers that will perform recursive queries for your IP, and any other IP in that ISP's subnet. FastServers provides a similar service for all the servers on our IP ranges. Our caching nameservers will perform recursive queries for your servers, but will refuse the service to the rest of the world. If/When you're closing your own nameservers, you may need to make this modification for your own IP(s). That having been said, you're probably not using your server as a resolver, so chances are you won't need to worry about that.

Summary:
People as a whole are largely unaware of the problem with open DNS servers. To see if your server is vulnerable, run a test on dnsreport.com. If your nameserver is open, close it using the information on dnsreport, or talk to your favourite tech (or whoever's working). When closing your nameservers, you may have to specifically allow recursive queries from particular subnets. As always, the techs are here to help.

The red button I speak of in this context is the metaphorical reboot switch. Granted, since your servers are all contained in a state-of-the-art data center in locked cages behind bomb-proof walls and high-tech security, you never actually get to 'push' the button, and for that matter most of the buttons aren't even red, but you're reading this now, which means the title got your attention. More than just this, the title serves as an introduction to the content in that I'll be bringing to light a few reasons why you may or may not want to reboot your server(s).

I'm sure everyone has received advice at some point during their lives to "Just reboot it." I know I have heard it, and I'll admit that when I'm truly stumped I'll sometimes do just that. However, rebooting is not always the answer. Working as a tech here at FastServers, I've seen any number of server problems, and I'll stand right up and say that a reboot is almost never the best solution. In fact, rebooting is often not a solution at all. If you're noticing an error somewhere, or some service isn't working properly for any number of reasons, there is always a reason for the problem. Servers do not randomly develop a glitch in the flux capacitor. Since there is a particular source causing the problem, it stands to reason that this source can be found and corrected. However, rebooting a server re-initializes all the services, and often clears away most of the evidence you, or we, could use to find the source of the problem. If you are seeing a problem with the server, you want to investigate any error messages you're seeing. If you aren't seeing messages, head straight for the log files, where you will usually find an error message. From that point you can use the error message to find the source of the problem, correct it, and then test to ensure the problem is in fact resolved.

Hopefully I just made a point, though it may have been a bit convoluted. Basically, rebooting may make the problem go away, but if so then you don't have any idea what caused the problem in the first place. This is more or less the same idea as with restarting services. I had a problem with my own server awhile back in which apache (the web service) started dishing out an internal server error every time I accessed a page that ran a cgi script. I couldn't restart apache directly, but if I killed off the processes and then started the service fresh, it worked fine. The problem was, it started dishing out the 500's again after a day or so. As it turns out, I had inadvertently configured ulimit to restrict the number of processes running as apache. Once this peak amount was reached, apache snapped and could no longer run cgi scripts, at least until it was restarted. I was only able to solve this by leaving the web server in the broken state long enough to test the issue and find all the error messages. The point I'm trying to make through all of this is that if you're trying to fix a problem, don't just attack the symptoms. Rebooting may make the problem go away, but your job isn't done if the problem comes back. If you investigate the symptoms, you should be able to find the source.

This philosophy applies for opening tickets with our tech department as well. If your mail server freezes up after six hours and then needs to be restarted/rebooted, we really need to see it while the problem is occurring. I can not even begin to explain how difficult it is to troubleshoot a problem I can't see. I know it's tough, but if at all possible we need to leave the service in a broken state until we're able to find the cause.

So far I've been detailing all kinds of reasons why you should avoid rebooting your server. I'm really just trying to convince everyone that a reboot often doesn't solve the problem, but only hides it for awhile. On top of that, the solution is often a much smaller change to the server, so a reboot is like using a sledgehammer to drive a finishing nail (My roommate is a construction worker).

In addition to persuading all the webhosts out there to avoid reboots, I'd also like to encourage you to reboot. No, don't get out the straightjacket yet; that sentence isn't completely insane. Reboots have their time and place. People have a tendency to use reboots as the technology cure-all, but others have a deep-seated fear of rebooting. This fear isn't completely unjustified. I've seen a number of servers go belly-up during a reboot, but having said that, I've also seen many, many more reboots go off without a hitch.

For linux servers, kernel updates are dreadfully important (as are all updates), and require a reboot. A major advantage of linux servers is the ability to have multiple kernels installed at once. If the server fails to come online with a new kernel, we may be able to simply reboot to an old one. There are even ways of configuring the boot loader to try a new kernel once, so if it fails then a simple reboot will default to the old kernel. If you're interested in how this works, do a Google search for "grub savedefault once" or open a ticket with our tech department and ask about it.

For Windows servers, reboots are more common, as they are usually required with every round of Windows updates. In this case, DEFCON 1, 2, and 3 customers have an advantage. Our update-deployment software is really powerful in that it will automatically roll-back any updates that cause problems and raise an alert so we can look closer at why the update failed. DEFCON 4 and 5 customers don't have this advantage provided through FastServers, but that doesn't make updates any less important, and if Microsoft says a reboot is required to complete the installation of updates, they mean it. Even though updates may have been installed, that has only changed the information on the hard drive, and the old version is still loaded into memory, and is still the one running until a reboot occurs.

Reboots can be scary, but they are necessary, particularly for updates. If updates are not completed with necessary reboots, the updates may as well have never been applied at all. Without updates, servers will be hacked/infected/compromised/rooted/etc. Once that happens, the only thing we can do is reinstall. It's much safer to risk a reboot before that happens. Of course, reboots don't have to be dangerous. Truth be told, servers almost always come back online successfully after a reboot, so it's not all that dangerous to begin with. Even so, steps can be taken to reduce the risk that comes with reboots. If you are afraid of rebooting a server, feel free to open a ticket with our tech department. If you have any specific concerns, be sure to let us know. The more information we have, the better we can provide support.

Last but not least, what should you do if you've already rebooted the server and it's not coming back up? Obviously, you'll have to contact us. If you can't reach the server remotely, you can't do much for it from where you are. If we can't reach it remotely, we'll probably have to reboot it manually to get keyboard and mouse support. At this point, the time it takes us to bring the server back online is based on how much information we have. We don't necessarily *need* to know that the server was rebooted to a freshly-compiled kernel and never came back online, but that information could prove to be the difference between a 10 minute turnaround and a 30-40 minute turnaround. The more information you can give us about what the server was doing before/while it went offline, the faster we'll be able to have you back in business.

In summary, I'm long-winded. Having said that, just keep a few things in mind:
-Reboots don't solve problems, they hide problems.
-Sometimes reboots are necessary. Don't fear them.
-If anything goes wrong, increased information translates directly into faster turnaround times.

Ladies and Gentlemen... welcome to 2007! All of us here at FastServers.Net would like to wish you a Happy New Year and hope that all of your business ventures perform exceptionally well! We believe that FastServers.Net can help you achieve those goals, so keep us in mind anytime you need additional server support.



Along with a new year, we find new and emerging technologies to evaluate. In this post, I'd like to review the following article: http://www.informationweek.com/news/showArticle.jhtml?articleID=196800208

This article focuses on five of the most significant advances in the technology realm. The following were reviewed:

* RFID (Radio Frequency Identification)
* Web Services
* Server Virtualization
* Graphics Processing
* Mobile Security

I will evaluate the article's sections and discuss how they effect our company & industry.

1) RFID (Radio Frequency Identification)

First, a slight background on RFID: This technology allows for products, pallets, or even human beings, by the use of tags or transponders, to be tracked and kept in an inventory system. The use of this system in big business and government is apparent mostly in tracking products to maintain the supply chain and increase efficiency in the ordering process.

This article examines the main organizations trying to integrate this into their business model: Wal-Mart and the Federal Government. Both of these entities have large resources invested in this technology.

Pros: Easiest way to track movement of stock and inventory by radio wave location tracking, automated inventory system.
Cons: Long setup period, additional training requirements, wireless networking improvement, increased processing power and equipment to maintain new technology.

Potential usage in the dedicated server industry: stock tracking. Each piece of equipment (servers, workstations, monitors, etc.) we own would be tracked in the same manner as above.

2) Web Services

Seriously? Do I really need to cover this one? hahaha! This is our business, folks! If you need to host applications that will automate your company's services, we can provide you the server or services to do the same.

The advent of easier and less expensive (open-source) application software has made the inclusion of this service in your business model a much easier process and we expect it to continue becoming much easier of the next year(s).

Pros: inexpensive, fairly quick to setup, increased productivity and communication services, ease-of-use.
Cons: security of vital end-user data and encryption services must be kept at highest levels when using application-based software.

Potential usage in the dedicated server industry: This IS our industry. We provide internet-based application and web hosting services on a 24/7/365 basis.

3) Server Virtualization:

A quick explanation of this service: Server Virtualization means that software can be applied to allow for multiple operating systems to be applied to a single dedicated server and operated at the same time. Along with this, the memory and processing power of the server can be divided to allow for each virtual user to have a certain amount to themselves.

Pros: increase productivity of the hardware you have in stock, decrease hardware expenses.
Cons: over-utilization of hardware resources can cause issues to other customers on the same hardware.

Potential usage in the dedicated server industry: The use of Virtual Servers by hosting companies is fairly common. However, this is much like a shared service, so there are always issues with over-selling the server resources or over-utilization by certain customers using this service. FastServers.Net does not support this technology at the moment, as we feel that your own dedicated server will allow you to expand as you use or need more resources.

4) Graphics Processing:

This technology probably affects our industry the least of all of the listed components. The graphics processing functionality of a workstation or server usually depends on the hardware video card that is installed. Unless a customer is running a graphics-intensive program on their server via Remote Desktop on a server, this will not affect the functionality of the services that our company provides. The on-board graphics card should do the trick!

Pros: Advanced graphics rendering on workstations for GUI-based operating systems and programs, such as AutoCAD or video games, decreases reliance on workstation CPU.
Cons: High-end video cards can be priced in the thousands of dollars, driving computer budgets up.

Potential usage in the dedicated server industry: As the Windows operating system increases the graphics requirements to run the software (such as Windows Vista), the higher-end the graphics cards that are installed to workstations and laptops. However, don't expect much increase to the video requirements for basic web and application servers.

5) Mobile Security:

How many laptops, notepad computers, wireless PDAs, mobile smart phones or Blackberrys connect to your internal network on any given day? Probably quite a few. With the expansion of wireless and mobile communications, security measures for those gadgets must also be increased in the same way. No longer do encryption keys do the trick of blocking unwanted connections, as more and more easily-concealable spyware is deployed into those laptops and smart devices running Windows-based operating systems. Additional measures are being taken to integrate security scans of the mobile device for Anti-Virus definition updates or OS updates before they are even allowed to connect to the network.

Pros: increased efficiency of the private network and mobile devices due to eliminating virus or spyware connections.
Cons: implementation time and required scanning time upon each connection to the network, new technoloy expense.

Potential usage in the dedicated server industry: Mobile technology is growing in popularity within our office by leaps and bounds, including wireless network for laptops, Blackberries and mobile smart phones. The requirement of paying closer attention to your email, even when you're away from your desk, has pushed some employees to acquire Windows Mobile or Blackberry hand-helds that will check your email on-the-go.

In conclusion, we find that the technology noted above in the 5 different classes will continue to increase efficiency in the dedicated hosting environment. Even though this article was originally written from the viewpoint of the different examples being "disruptive" improvements in the technological fields, we feel that these will actually improve efficiency in the long run. While the increase in productivity may not be imminently experienced, these should pay off on the initial monetary and time investments in the end.

Thanks for reading! Long winded? Yes... but much needed to fully explain. Hopefully I didn't put you to sleep! :)

Questions/comments/discussions -> drew@fastservers.net

Have a WONDERFUL NEW YEAR! Cheers!